deepsec-vulnerability-scanner

SUSPICIOUS: The skill is broadly aligned with a code-scanning purpose, and its npm-based install plus official provider endpoints look plausible. However, it combines package-supplied instructions, full-shell agent behavior, untrusted code analysis, credential use, and optional source upload to Vercel sandboxes, making the overall footprint high-risk and only safe in tightly controlled environments.