create-connector

SUSPICIOUS: The skill’s behavior is mostly aligned with its stated purpose of creating Harness connectors, and it uses secret references rather than harvesting local credentials. The main concern is install/execution trust: the required Harness MCP v2 path uses npx and documentation links V2 source to a personal GitHub account instead of a clearly same-org official repo, while also receiving a HARNESS_API_KEY. No clear malicious data exfiltration or hidden behavior is present, but the trust chain is weaker than expected for a credential-bearing enterprise integration skill.