cloakbrowser

This file is primarily a process launcher and logger for an unobserved Python component (serve.py). It does not itself implement network exfiltration or credential theft, but it explicitly targets a “stealth Chromium” + CDP endpoint workflow and forwards arbitrary CLI arguments to serve.py without validation. The principal security concern is that serve.py may start a powerful remote automation surface whose behavior is controlled by user-supplied options; therefore, risk cannot be ruled out from this wrapper alone and serve.py should be reviewed before use.

SUSPICIOUS: the install source is largely coherent and same-org, so this is not confirmed malware, but the skill’s purpose is to bypass bot detection and automate protected sites with a stealth browser. Its capabilities are high risk for AI-agent misuse, especially multi-step actions on arbitrary webpages and processing untrusted web content.