product-showcase

SUSPICIOUS. The skill’s core browsing and screenshot capabilities fit its stated purpose, and official Cloudflare/Playwright/Claude-in-Chrome references are broadly consistent. However, the undocumented `capture-screenshots` and `img-process` executables create a significant trust gap, and the skill recommends forwarding app credentials to a CLI tool via command-line arguments. That footprint is somewhat broader and riskier than necessary for a marketing-site generator, so overall it is not clearly malicious but carries meaningful supply-chain and credential-handling risk.