advanced-features-2025

SUSPICIOUS. The skill is mostly a legitimate documentation guide for Claude Code features, but it expands trust through automatic hooks, team plugin distribution, and MCP examples that forward credentials to executed subprocesses. The main concerns are transitive plugin installation and mutable npx-based MCP execution, especially the inconsistent Stripe package example; this is more risky than malicious.