vmware-engineer

SUSPICIOUS. The skill’s functional content is benign advisory documentation, but its installation model is weak: it asks agents to ingest remote instructions from a mutable third-party GitHub raw URL and to install/load the skill across agent platforms. I found no credential harvesting, malware behavior, or disproportionate system access, so the main concern is supply-chain and transitive trust rather than malicious payloads.