sigil-scan

SUSPICIOUS. The stated purpose is coherent for a security scanner, but the skill has privileged local visibility into credential files and shell history, and its installation provenance is weakened by inconsistent publisher naming in the npm install path. No clear exfiltration or overtly malicious behavior is documented, so this is not confirmed malware, but it should be treated as a high-trust security tool and used only after verifying the official installer/source relationship.