scanning-for-vulnerabilities

SUSPICIOUS: The stated purpose is coherent with reading code and dependency files, but the skill gives an AI agent high-risk security scanning capability plus unrestricted shell execution. No clear malicious exfiltration is shown, and plugin provenance appears same-publisher rather than clearly deceptive, so this is better classified as a high-risk vulnerable skill than confirmed malware.