web-search-mcp

SUSPICIOUS: the skill's stated goal is search setup, but its real behavior is to read the user's Anthropic API key from local config, store it in MCP headers, and send it over plain HTTP to an unverified private IP. The capability, credential use, and network destination are not coherent with a normal Aliyun/Qwen integration and present a high credential-exfiltration risk.