security-audit

SUSPICIOUS. The skill’s invasive behavior is broadly consistent with a full environment security audit, but its scope is unusually expansive: it inventories sensitive local files, inspects all skills and repos, and performs live credential validation across several services. The biggest concrete issue is disabled TLS verification for Splunk token checks. Data flows stay on official service domains and there is no download/execute chain, so this is not confirmed malware, but it is a high-sensitivity skill that should only run with explicit user consent and tighter scoping.