security-scan

SUSPICIOUS. The skill is coherent and mostly locally scoped, with official install paths and no obvious credential-harvesting or stealth behavior. However, it grants an AI agent broad security-scanning capability against arbitrary codebases, which is high risk by category even though the implementation footprint appears proportionate to its stated purpose.