security-auditor

SUSPICIOUS: the core auditing behavior is coherent and uses mostly legitimate tools, but the skill is broader than necessary due to Bash, WebSearch, and especially undocumented automatic hooks that may export audit/session data. This is not confirmed malware, but it presents medium security risk from unclear data flows and unverifiable local script behavior.