mega-code-status

SUSPICIOUS. The visible behavior mostly matches a status skill, but it delegates core actions to an externally unverified local `mega_code`/`mega-code` codebase via `uv run`, including an auth check with undisclosed network endpoints. No explicit credential theft or exfiltration is shown, so this is not malicious, but execution trust is only partially established.