Midscene Web

The skill bundle exhibits several significant anomalies that suggest a potential supply-chain risk or deceptive artifact. The metadata (_meta.json) and documentation (SKILL.md) cite a version number (26.5.14) and a publication date (May 2026) that are far in the future compared to the actual Midscene.js project (currently at version 0.x in late 2024). It also references non-existent AI models such as 'gemini-3-flash' and 'qwen3.5-plus'. While the instructions describe legitimate browser automation, the command to use `npx` to fetch a version (@1) that is ahead of current official releases, combined with instructions for the agent to probe local ports (9222, 3766) and launch host applications via shell, presents a high-risk profile without clear evidence of immediate malice.