gstack

Warn

Audited by Socket on Mar 29, 2026

8 alerts found:

Anomaly x4, Security x4

Anomaly: LOW
setup-browser-cookies/SKILL.md

SUSPICIOUS. The stated purpose and core capability align: importing local browser cookies into a headless QA session is coherent. The main risk comes from opaque local `gstack`/`browse` binaries and an unspecified `./setup` path handling decrypted session cookies, plus an unpinned official `curl|bash` Bun install. I do not see clear evidence of deliberate exfiltration or malicious intent, but the trust chain is insufficiently transparent for a benign classification.

Confidence: 81%, Severity: 66%

Anomaly: LOW
qa/SKILL.md

SUSPICIOUS: the skill is broadly aligned with QA and bug-fixing, but its footprint is expansive. The main concerns are autonomous repo modification/commits, browsing untrusted web content while retaining Bash/write access, credential/cookie handling through a local browse binary, and supply-chain risk from curl|bash plus local skill chaining. No strong evidence of deliberate credential theft or exfiltration was found.

Confidence: 84%, Severity: 61%

Anomaly: LOW
qa-only/SKILL.md

Mostly coherent QA skill with normal browser-testing, screenshot, and report-writing behavior. Main concerns are the local gstack helper/upgrade trust chain, optional Bun pipe-to-shell install, and prompt-injection exposure from browsing untrusted web content with Bash/Write permissions; these make it suspicious-but-not-malicious rather than clearly benign.

Confidence: 83%, Severity: 57%

Anomaly: LOW
plan-design-review/SKILL.md

SUSPICIOUS. The core review/edit behavior is legitimate, but the skill's footprint is broader than its stated purpose: it invokes opaque local gstack binaries, can hand off to another skill for upgrades, and writes persistent session/review/contributor state. No strong evidence of credential theft or malicious exfiltration appears, but the trust and scope boundaries are looser than a narrowly scoped design-review skill should need.

Confidence: 81%, Severity: 58%

Security: MEDIUM
review/SKILL.md

SUSPICIOUS: the stated purpose is coherent for a PR review skill, and most git/GitHub/file actions are proportionate. The main issue is trust: it relies on unverifiable local `gstack` executables and can route into another skill's upgrade flow, which raises supply-chain and transitive-trust risk above a normal review guide.

Confidence: 84%, Severity: 80%

Security: MEDIUM
design-review/SKILL.md

SUSPICIOUS. The core design-audit behavior is plausible, but the skill's footprint is broad and it relies on opaque local gstack/browse executables plus optional pipe-to-shell installation. I found no clear credential theft or exfiltration, so this looks more like a high-risk, overpowered workflow skill than confirmed malware.

Confidence: 86%, Severity: 78%

Security: MEDIUM
plan-ceo-review/SKILL.md

SUSPICIOUS. The skill's review-oriented purpose broadly matches its repo-reading behavior, but its dependency on opaque local gstack binaries and built-in upgrade flow creates a disproportionate trust footprint for a planning skill. I do not see clear malicious exfiltration, but the unverifiable helper binaries materially raise security risk.

Confidence: 83%, Severity: 78%

Security: MEDIUM
document-release/SKILL.md

SUSPICIOUS. The core capability is coherent for a documentation-update skill, and the Git/GitHub data flows are proportionate. However, the preamble runs unverifiable local gstack executables and may chain into another local skill for upgrades, creating a notable install-trust and transitive-trust risk that is larger than the documented purpose alone. No clear credential harvesting or malicious exfiltration is shown.

Confidence: 84%, Severity: 72%

Audit Metadata

Analyzed At: Mar 29, 2026, 03:33 AM
Package URL: pkg:socket/skills-sh/iancleary%2Fdotfiles%2Fgstack%2F@eff617ae20ee3440fa47a066dde35f924ffc4f4f