auth-sniffer

SUSPICIOUS: The capability is coherent with the stated purpose, but the purpose itself is high-risk session credential extraction from live browser profiles. No external exfiltration endpoint or obvious malicious installer is shown, yet the skill exposes cookies and storage auth to the agent and manipulates active browser processes, creating substantial security risk.

This specification describes high-risk functionality: forcibly terminating user browsers, launching a CDP instance, and extracting cookies/localStorage/sessionStorage. These capabilities enable credential/session theft and can disrupt user systems. Without clear safeguards (explicit consent, least-privilege operation, audit logging, in-transit and at-rest protections, scope limitations, and transparent operator controls), any implementation should be treated as dangerous and potentially malicious. Verify provenance, operational controls, and code-level protections before using or including an implementation in a supply chain.