testing-websocket-api-security

SUSPICIOUS. The skill’s purpose and capabilities are aligned, but that purpose is offensive security testing. It enables an AI agent to run exploit-style WebSocket assessments, includes explicit data-exfiltration PoC behavior, and performs DoS actions against external targets. Tool install sources are mostly normal, so the main risk is operational misuse and harmful network actions rather than supply-chain deception.