security-detections-mcp

SUSPICIOUS: the core behavior mostly matches the stated purpose, but the skill has medium risk due to unpinned `npx` execution, third-party hosted MCP token forwarding, and autonomous security-engineering workflows. It does not show clear malware or credential-stealing behavior, but it meaningfully expands agent capability and trust in external services.