bookstrap-research

SUSPICIOUS: the skill is largely purpose-aligned for autonomous research, with no strong malware or supply-chain indicators, but it combines autonomous web ingestion of untrusted content with Bash/Write access and local state changes. Plaintext local DB credentials and optional routing through Serper add medium risk, making this a high-risk research automation skill rather than a clearly malicious one.