Web Tools Guide

The skill bundle provides advanced web interaction tools but employs high-risk procedures. The script 'scripts/setup-opencli.sh' installs a global npm package, downloads a third-party browser extension from GitHub (jackwener/opencli), and forcefully restarts the user's browser with that extension enabled by killing active processes and modifying startup arguments. Additionally, 'references/web-search-config.md' contains instructions for the agent to solicit, analyze, and store user API keys (Tavily/Kimi) in the local configuration. While these actions are aligned with the stated purpose of enhancing web capabilities, the automated installation of unverified browser extensions and the collection of secrets represent significant security risks.