res-deep

SUSPICIOUS. The core purpose is coherent for a research skill, and the uv installer appears to be an official same-org distribution path rather than a random payload. However, the skill materially increases risk by combining broad ingestion of untrusted web content with shell/tool execution, mandatory credential probing via the macOS keychain, and optional stealth scraping/Cloudflare-bypass tooling. This looks more like a high-risk agentic research workflow than malware, but its capability footprint is broader and riskier than a typical benign documentation-style research skill.