browser-record

SUSPICIOUS leaning but not malicious: the skill’s browser recording and trace storage behavior generally matches its stated purpose, but it expands trust through runtime `npx` execution and an unpinned `@latest` CLI. Main concerns are supply-chain exposure, recording of potentially sensitive browsing data, and the combination of arbitrary web content with Bash/file access.