after-effects

The skill's stated purpose (automating After Effects via generated ExtendScript) matches its capabilities, and there are no direct signs of embedded malware or obfuscation. However, the skill requires writing and executing JSX in a user-writable skills directory and invites enabling AE scripting network access — both increase the attack surface. If a threat actor can modify the skill's scripts, libs, or rule files, they could execute arbitrary ExtendScript (file system changes, replacing footage, rendering outputs) and, if network access is enabled, exfiltrate project data. Verdict: suspicious / medium-high risk in practice due to powerful local execution and optional network access; not clearly directly malicious in the provided files.