crawl-xueqiu-my-timeline

SUSPICIOUS. The core scraping/reporting behavior matches the stated purpose, but the skill combines authenticated browser-session access, analysis of untrusted social content, subagent orchestration, and unpinned third-party CLI execution via `bunx mdpdf`. This is better classified as a high-risk automation/reporting skill than outright malware: coherent in purpose, but with meaningful supply-chain and prompt-injection exposure.