claude-code

SUSPICIOUS: the skill's core purpose matches its capabilities and official install source, so it is not malware. However, it materially increases risk by orchestrating a second autonomous agent, automating acceptance of trust and permission-bypass dialogs, and enabling transitive MCP/plugin tooling that can execute commands and access project data.