autopentestx-automated-pentesting

Warn

Audited by Socket on May 17, 2026

1 alert found:

Security: MEDIUM
SKILL.md

SUSPICIOUS/HIGH-RISK skill. Its stated purpose matches its capabilities, but those capabilities are offensive security functions that give an AI agent authority to scan, probe, and potentially exploit systems. The main inconsistency is install trust: ara.so publishes the skill while users are told to clone and run code from an unrelated personal GitHub repo. Data can also flow to arbitrary webhooks. This is not confirmed malware, but it is a high-risk AI agent skill with notable supply-chain and misuse concerns.

Confidence: 90%
Severity: 86%

Audit Metadata
Analyzed At: May 17, 2026, 12:52 AM
Package URL: pkg:socket/skills-sh/Aradotso%2Fsecurity-skills%2Fautopentestx-automated-pentesting%2F@feefd6069adb9af542badbcb25cb8d2c8654391e
Security Audit — socket — autopentestx-automated-pentesting