strix

The skill is purpose-consistent, but its purpose is itself high risk: it gives an AI agent offensive security scanning capability against code and live targets. The main concerns are AI-enabled pentesting, credential forwarding to external tooling/providers, and installer/binary trust that is not fully verifiable from the provided skill text. This is best classified as suspicious/high-risk rather than confirmed malware.