language-audit

SUSPICIOUS. The skill’s stated purpose and capabilities mostly align, and there is no clear credential harvesting or malicious data routing. The main issue is trust: it relies on a local executable, language-router.py, whose provenance could not be verified from the provided evidence. That keeps the skill from being benign, but the absence of credential forwarding, external proxy endpoints, or stealth/exfiltration behavior argues against malicious classification.