health

SUSPICIOUS. The core health-check behavior is legitimate, but the actual skill footprint is much broader than its stated purpose: it runs many helper executables, writes local analytics/history, can modify project docs and git state, and may sync telemetry/artifacts remotely. Same-org gstack provenance reduces the chance of outright malware, but the scope is disproportionate for a code-quality dashboard.