codex-essentials

SUSPICIOUS. The stated purpose fits a beginner setup skill, and the GitHub MCP server appears broadly consistent with official MCP distribution, but the skill also recommends installing a separate browser tool with unclear provenance and no version pinning or verification. This is not confirmed malware, but it expands agent capabilities through external installs in a way that is only partly justified and only partly verifiable.