llm-wiki

Overall, this appears to be an authentication-aided scraping/automation utility rather than overt malware. However, it carries meaningful security risk due to (1) automatic harvesting and persistence of authenticated X session cookies from a running Chrome instance into local cookies.json and (2) use of agent-browser eval to execute JavaScript in the context of remotely loaded pages. It also adds a trust dependency by falling back to a third-party API for tweet text.

SUSPICIOUS. The stated purpose is coherent for a wiki-maintenance skill and its write scope is explicitly constrained, but it delegates core actions to unverified local shell/python scripts and mixes untrusted external content ingestion with file-writing behavior. No clear credential theft or malicious exfiltration is shown, yet the executable footprint is insufficiently verifiable for a benign classification.