cookie-sync
Audited by Socket on May 19, 2026
2 alerts found:
Anomaly x2
SUSPICIOUS: The skill is internally coherent for its stated purpose, and the Browserbase endpoints/install references appear first-party, so this is not clear malware. However, its purpose inherently involves exporting local authenticated cookies to a cloud context and enabling remote authenticated sessions, which is a high-impact capability that warrants medium-to-high security caution.
This module is best characterized as an authentication/session synchronization CLI rather than overt malware: it intentionally exports local browser cookies (highly sensitive authentication state) and injects them into a Browserbase cloud context. While it contains no obvious covert backdoor/persistence mechanisms, it introduces meaningful security concerns: (1) large-scale sensitive data transfer to a third party via addCookies, (2) potential SSRF-like behavior from resolving CDP_URL through fetch() on an input-derived endpoint, and (3) possible arbitrary local file read if CDP_PORT_FILE is attacker-controlled. Overall, use should be tightly controlled with trusted configuration and least-privilege assumptions.