asc-plugins

SUSPICIOUS: the skill is coherent with its stated purpose as a local plugin manager, and there is no clear credential harvesting or deceptive routing. However, its core feature is executing arbitrary local plugin code that can auto-trigger outbound webhook actions, so the security risk is medium even though malicious intent is not established.