Actionbook

This skill is classified as suspicious due to its extensive high-risk capabilities, which, while intended for legitimate browser automation, could be easily abused. Key indicators include the `actionbook browser eval "JavaScript code"` command (found in `references/command-reference.md`), allowing arbitrary code execution within the browser context, which is a significant remote code execution (RCE) risk. Furthermore, the skill provides comprehensive browser control, including full access to page content (`text`, `html`, `snapshot`), cookie management (`cookies set/get`), and the ability to connect to existing browser sessions (`--cdp`) or use custom browser executables (`--browser-path`). While the documentation in `references/authentication.md` provides security best practices, these powerful features create a substantial attack surface for data exfiltration, session hijacking, or other malicious activities if the AI agent is compromised or prompted maliciously.