security-scan

SUSPICIOUS. The skill’s stated purpose is coherent for a security scanner, and reading `.claude/` files is proportionate. However, trust signals are mixed: the install/runtime path depends on third-party code, the publisher relationship is unclear across ECC / `ecc-agentshield` / `affaan-m`, examples use unpinned `npx`, and deep-analysis mode forwards `ANTHROPIC_API_KEY` to that CLI. This looks more like a potentially legitimate but trust-sensitive security tool than confirmed malware.