markdown-fetch

SUSPICIOUS: the core purpose is plausible, but the skill quietly routes user-requested browsing through a third-party service with separate operators/subprocessors, and it references an unverifiable local wrapper. The biggest concerns are third-party data routing, automatic ingestion of untrusted web content, and undocumented credential handling for protected pages. Not confirmed malware, but the data-flow and trust boundaries are insufficiently transparent for a default URL-fetch skill.