investigate

SUSPICIOUS. The core debugging workflow is legitimate, but the skill's actual footprint is much broader than 'investigate a bug': it runs many local binaries, persists state, can modify project routing files and commit changes, and supports optional telemetry/artifact sync with unspecified external endpoints. This looks more like a full gstack platform bootstrap/orchestration layer than a narrowly scoped investigate skill, so the mismatch and install-trust ambiguity raise medium risk rather than confirming malware.