dependency-vulnerability-checker

SUSPICIOUS: The stated purpose is plausible, and there is no clear credential theft or malicious exfiltration path. However, the skill is overly generic and its Bash(npm:*) permission is broader than necessary for dependency vulnerability checking, creating medium supply-chain and execution risk without clear boundaries.