cping

The skill is conceptually benign and scope-limited (connectivity test via an external wrapper). However, it introduces security concerns due to (1) potential command-injection risk from unvalidated user input in the shell invocation, and (2) reliance on an unverifiable external binary (ccb-ping) whose behavior and trustworthiness are unestablished. Given these factors, classify as SUSPICIOUS with notable security risk until the wrapper’s provenance and input-sanitization are clarified. Recommend removing or sandboxing the external binary, validating and sanitizing input, and providing verifiable checksums or registry provenance for the wrapper before using in production.