vulnerability-scanning

SUSPICIOUS: The skill is internally coherent for vulnerability scanning, but it grants an AI agent offensive security capabilities and uses remote third-party tooling with unpinned runtime execution. Data flows are mostly legitimate to official services, so this is not confirmed malware, but it is a high-risk security skill that should require strict target scoping and explicit user approval.