op-auto-clicker

SUSPICIOUS: the skill's purpose matches local click automation, but its install trust is weak because ara.so points users to a different GitHub account's Windows binary and tells them to bypass Defender if flagged. There is no clear data exfiltration or credential theft, but the cross-publisher executable download and autonomous input automation make it high security risk.