claude-clone

SUSPICIOUS. The stated purpose is coherent for a code-porting skill, and there is no sign of credential harvesting or third-party data exfiltration. The main concern is transitive trust: the skill relies on an unreviewed sibling dev container and another skill while processing untrusted external code and then writing/executing changes, which makes the overall footprint moderately risky.