design-shotgun

SUSPICIOUS. The core design-variant workflow is plausible, but this skill is wrapped in a much broader gstack control plane that adds telemetry, artifact sync, local binary trust, browser/server actions, and optional git/CLAUDE.md mutations beyond the stated purpose. I do not see confirmed credential theft or clear malware, but the scope is disproportionate enough to rate as medium-high security risk.