plankton-code-quality

SUSPICIOUS: the skill is broadly consistent with a code-quality automation purpose, but it adds a nontrivial trust and execution surface by cloning a personal GitHub repo, running local setup/hooks, and silently spawning Claude subprocesses on every edit. No clear credential harvesting or off-purpose exfiltration is shown, so this is not malicious, but the install and autonomous execution model create medium security risk.