quality-assurance

SUSPICIOUS. The skill is largely coherent with its stated QA purpose and does not show direct credential theft, covert behavior, or untrusted installer chains. However, it grants an AI agent security-auditing capability including offensive-capable scanning tools, and some referenced official CLIs may transmit project metadata to vendor services; combined with unspecified local helper scripts, this makes it medium risk rather than benign.