video-tool

SUSPICIOUS. The core video-processing purpose is plausible, but the skill’s footprint is much broader: it installs third-party code from a personal GitHub repo, asks the agent to handle many credentials, and enables autonomous uploads/public posting. The benign pre-execution checks do not make it malware, but the supply-chain, credential-forwarding, and real-world action scope make this a high-risk skill.