https-certificate-checker

SUSPICIOUS: The skill does not show malicious data flows or credential harvesting, but its generic boilerplate purpose does not justify the broad Bash(npm:*) execution scope. Main risk is open-ended npm-mediated code execution without pinned packages or task-specific constraints.