remote-skill-test

SUSPICIOUS: the behavior mostly matches a remote skill-testing purpose, but it achieves that by installing other skills, bypassing SSH host verification, loading remote secrets from interactive shell config, and running OpenCode with permission checks disabled. The footprint is coherent yet disproportionately powerful, so this is not confirmed malware but it is a high-risk orchestration skill.