web-application-verification

SUSPICIOUS. The skill’s behavior matches its stated purpose, but that purpose is inherently high risk because it gives an AI agent offensive web security scanning capability and routes work through a third-party CLI/service from a different org than the publisher. No direct credential theft is shown, but the install provenance and autonomous remote scanning make this a high-risk security skill.