QQBrowserSkill

The skill provides extensive browser automation capabilities but includes high-risk features such as the `browser_eval_content_js` command, which explicitly supports base64-encoded scripts, facilitating the obfuscation of potentially malicious JavaScript. Additionally, the `install` command downloads and executes a binary from a remote Tencent CDN (dldir1v6.qq.com), introducing a supply chain risk. While these capabilities are aligned with the tool's stated purpose, the combination of binary installation and obfuscated execution paths represents a significant security risk in an agentic environment.