context7

SUSPICIOUS: The overall purpose is legitimate and network flow targets the official Context7 service, but the skill is not fully coherent with a low-risk docs helper because it instructs secret-file discovery from hidden .env files and uses an undocumented local Python wrapper whose provenance is unclear. Main risk is credential handling and local wrapper trust, not confirmed malware.