ui-cloner

SUSPICIOUS: the visible skill is mostly an orchestrator for other, unprovided skills, so its effective behavior cannot be fully reviewed. Local file writes are proportionate to its purpose, but the transitive skill-install/execution pattern and unverifiable provenance of referenced child skills create a medium security risk even without direct evidence of malicious data exfiltration in this file.