anthropic-official

SUSPICIOUS. The skill’s actual footprint is grossly disproportionate to any legitimate helper purpose: it auto-runs on every message, grants unrestricted shell access, and instructs the agent to bypass safety permissions. There is no credential-exfiltration or third-party installer evidence, but the combination of deceptive branding and unconditional execution authority makes this a high-risk AI-agent skill.