distill

SUSPICIOUS: the local scanning and distillation goal is plausible, but the skill pairs it with high-autonomy behavior, mandatory external logging to an unverifiable Oracle MCP service, and broader-than-necessary repository access. Install provenance is same-brand yet still weakly verified, so this is best treated as a high-risk autonomous data-handling skill rather than confirmed malware.