cml-packet-capture

SUSPICIOUS. The skill’s capabilities are mostly aligned with its stated CML packet-capture purpose, and data appears to flow to the configured CML instance rather than an obvious exfiltration service. The main concern is install/execution trust: it depends on a third-party MCP package from PyPI associated with a personal GitHub account, plus cross-skill handoffs that expand the trust chain. This looks more like a moderately risky but plausibly legitimate operational skill than confirmed malicious behavior.