scoop

SUSPICIOUS: The capability is broadly consistent with a Windows Scoop helper, but the skill’s actual footprint is not fully aligned with its stated identity because it depends on the unrelated X-CMD wrapper (`x scoop`) rather than plain Scoop. Data flows and permissions are otherwise proportionate, and there is no clear credential harvesting or exfiltration, but the added transitive supply-chain trust makes this riskier than a normal Scoop-only skill.