claude-code-source-recovery

SUSPICIOUS: the stated purpose is source-code study, but the skill also encourages installing a pulled package from a Tencent mirror and running a third-party reconstructed repo with live Anthropic credentials. Data flows to official Anthropic endpoints rather than an attacker proxy, so this is not confirmed malware, but the install provenance is weak and broader than necessary for simple code exploration.