domain-researcher

SUSPICIOUS: The core purpose is coherent, but the install/execution path is weaker than it should be because it relies on an unpinned external `npx` package with unclear provenance, plus all domain research data flows through a single third-party API. This looks more like a risky vendor-integrated research skill than overtly malicious content.