sysadmin-toolbox

SUSPICIOUS: the skill's purpose broadly matches its capabilities, but it materially enables offensive security/scanning activity and includes an opaque auto-refresh trust chain. No clear credential theft or exfiltration is shown, so this is not confirmed malware; the main concerns are offensive-tool enablement and unverified upstream refresh behavior.