jeecg-onlchart

SUSPICIOUS. The core capability matches the stated purpose, and endpoints appear to be official Jeecg/Jeecg-adjacent services, so this is not clearly malicious. However, the skill normalizes collecting raw browser tokens and optional passwords, includes a sample that disables TLS verification, and can perform local database writes, making the security posture medium-to-high risk despite reasonable purpose alignment.