cc-gateway-ai-proxy

SUSPICIOUS. The skill is internally coherent, but its core function is to evade Anthropic telemetry and device identity controls by extracting stored OAuth credentials, man-in-the-middling all Claude Code traffic, and injecting centralized auth. Install provenance looks ordinary, but the credential handling, proxying, and explicit identity-masking behavior make this a high-risk skill.