peach-erd

SUSPICIOUS. The skill’s capabilities mostly match its ERD purpose, but it expands trust by auto-installing a third-party MCP server and executing unpinned `npx ...@latest` code. Data flow is mainly local and there is no clear credential harvesting or exfiltration, so this looks like a medium-risk supply-chain issue rather than malware.