poc-calc

SUSPICIOUS: the skill’s stated purpose is to reproduce a shell injection vulnerability, which is exploit-oriented and not a normal benign skill function. The provided content is very small and shows no credential theft, exfiltration, or external supply-chain abuse, so this is not confirmed malware, but it is a high-risk offensive/security-testing skill with disproportionate intent.