scanning-api-security

SUSPICIOUS: the skill's actual footprint does not cleanly match its stated purpose. It claims API security scanning but mainly instructs the agent to scaffold and implement APIs, while granting Bash execution under a security-themed namespace without clear scanning boundaries or verified tool provenance. No direct credential theft or exfiltration is evident, so this is not confirmed malware, but it is a medium-risk, poorly aligned skill.