finder

SUSPICIOUS. The stated purpose is coherent for a macOS Finder skill, and no credential harvesting or remote data flow is visible, but the only executable is an unpublished local script with no verifiable provenance or code to inspect. That makes the skill high risk from an install/execution trust perspective, though not confirmed malware.