clay-migration-deep-dive

SUSPICIOUS: the skill’s migration purpose is coherent, but its operational footprint is broad for an agent skill. No direct credential theft, exfiltration, or attacker-controlled endpoint appears in the provided text, so this is not malicious; risk comes from unrestricted kubectl/npm execution, underspecified SDK provenance, and real-world deployment actions.