browser-cdp

This module is not overtly malicious in the sense of sending data to external servers, but it performs a high-impact sensitive-data preparation workflow: it copies Cookies/Login Data (and possibly the entire Chrome Default profile) into a separate persistent profile directory and then launches Chrome with CDP enabled. Any attacker (or untrusted local software) that can access the debugProfile directory or connect to the CDP port could potentially leverage the copied authenticated session state. Treat as security-sensitive and ensure the CDP port and debugProfile directory are protected (file permissions, local user isolation, and process-level access controls) and that the workflow matches legitimate automation needs.

SUSPICIOUS. The skill is internally consistent as a CDP browser automation helper, and its main external dependency appears legitimate, but its stated purpose explicitly includes extracting auth tokens and reusing live login sessions. That makes the capability set high-risk and disproportionate for normal automation, with meaningful potential for credential theft and unauthorized account actions.