Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Web Access.Bak

v1.0.0

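All network operations must be handled through this skill, including search, web page scraping, post-login operations, and network interaction. Trigger scenarios: the user asks to search for information, view web page content, access sites that require login, operate web page interfaces, scrape social media content (Xiaohongshu, Weibo, Twitter, etc.), read dynamically rendered pages, or perform any network task that needs a real browser environment.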

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (high confidence)
Purpose & Capability
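The skill claims to provide browser access and crawling via Chrome CDP. The included scripts (cdp-proxy.mjs, check-deps.sh, match-site.sh) are consistent with the CDP Proxy HTTP API and the /eval, /click, /setFiles and other endpoints described in SKILL.md, and the required resources (local Chrome + Node) match the intended functionality.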
Instruction Scope
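The runtime instructions allow executing arbitrary JS (/eval), taking screenshots, reading the DOM, and injecting local file paths into the browser's file input via /setFiles (bypassing the file dialog). These behaviors go beyond ordinary "scraping": they can read private information inside logged-in sessions, capture sensitive pages, and submit local files to remote sites. SKILL.md also encourages creating background tabs and running the Proxy long-term, with sub-agents automatically loading it and operating in parallel, which enlarges the executable surface.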
Install Mechanism
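There are no remote downloads or binaries of unknown origin; the scripts are local Node.js and shell scripts. There is no extract/download-from-URL risk. The risk comes from starting and keeping a local proxy process running (node cdp-proxy.mjs).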
Credentials
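No environment variables or external credentials are required (consistent with its purpose). However, SKILL.md suggests optionally calling the third-party service Jina (r.jina.ai); that step sends page content/URLs to an external service and may leak sensitive data. The skill itself can use the user's existing Chrome login state (natural and necessary), but this is also the main source of privacy risk.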
Persistence & Privilege
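Although always:false, the proxy is designed to run continuously (the recommendation is not to stop it proactively) and listens on local HTTP (default 127.0.0.1:3456). A long-lived local proxy with access to the Chrome session means a long-term, high-privilege access surface. The automatic loading mechanism for parallel sub-agents further enlarges the set of behaviors that can be triggered automatically.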
What to consider before installing
This skill legitimately implements a local CDP proxy to drive your Chrome, which inherently gives it access to everything your browser session can see and do. Before installing or running it:

- Only use if you fully trust the source; the repository is unknown and the homepage is missing. Review the full scripts yourself (especially cdp-proxy.mjs) or ask a trusted reviewer.
- Understand the risks: the proxy can read pages where you're logged in, capture screenshots (including video frames), execute arbitrary JS in pages, and cause the browser to upload local files (setFiles). Any of these can leak credentials, private messages, or local files.
- Avoid running against your primary browser profile. Prefer an isolated Chrome profile or a dedicated browser instance launched solely for this skill (or run inside a sandbox/VM).
- If you must use it, do NOT enable the optional Jina usage for sensitive pages — it sends data to a third-party service.
- The proxy listens on localhost:3456 by default; ensure only trusted local processes/users have access, and monitor /tmp/cdp-proxy.log for unexpected activity.
- If you cannot audit the code, do not grant it persistent use; prefer one-off manual actions under supervision.

Summary action: only proceed if you trust the author and can run the proxy in an isolated environment (separate Chrome profile or VM); otherwise treat this skill as high-risk for data-exfiltration.
