performing-security-code-review

SUSPICIOUS rather than malicious. The skill’s core behavior matches its stated purpose, and the visible data flows are mostly local and proportionate, but it grants an AI agent broad shell access and explicit security-scanning capability, which materially raises risk. No clear credential harvesting or covert exfiltration is shown in the provided skill text.