opencli-operate

The skill is purpose-aligned but high-impact: it grants an agent broad browser automation over arbitrary sites using existing authenticated sessions, plus extraction of page/API data and local code writing. No clear credential-harvesting or third-party exfiltration is shown, so this is not confirmed malware, but the combination of authenticated browsing, untrusted web content, and write/exec-adjacent capability makes it a medium-high risk skill.