scanning-tools

SUSPICIOUS. The skill's capabilities match its stated purpose, but that purpose is to give an AI agent offensive security and exploitation/scanning abilities with real-world network impact. Install sources are mostly legitimate, though the use of third-party zap-cli is a trust mismatch. There is no clear credential theft or exfiltration, so this is not confirmed malware, but it is a high-risk security skill due to autonomous offensive tooling scope.