vercel-plugin-eval

SUSPICIOUS: the skill’s stated purpose matches plugin evaluation, but its footprint is moderately risky because it installs a plugin from a GitHub URL and launches real Claude Code sessions that can act on injected prompts. The local log inspection is proportionate to debugging, but the combination of third-party plugin installation and action-capable session spawning raises medium security concern.