helpmetest-discover

SUSPICIOUS. The skill’s behavior mostly aligns with its QA-discovery purpose, but it depends on a vendor MCP/service, forwards API-token-authenticated data to HelpMeTest, processes untrusted website content with action-capable tools, and includes credential-sensitive artifact patterns. The main concern is medium security risk from external service trust, wildcard tool scope, and exploratory browsing with write-capable outputs, not confirmed malicious intent.