last30days-cn
Warn
Audited by Socket on Apr 19, 2026
2 alerts found:
Anomaly x2
hooks/hooks.json
Anomaly (LOW)
This fragment is primarily a lifecycle hook configuration that triggers `bash` to execute a local `check-config.sh` script on SessionStart. No explicit malicious behavior is visible in the snippet itself, but it introduces a moderate supply-chain/path-integrity risk by performing shell command execution using a runtime-resolved root path. Verification requires reviewing the actual `check-config.sh` contents and ensuring `${CLAUDE_PLUGIN_ROOT}` and the script file are protected from tampering (e.g., by signed artifacts, locked dependencies, and verified installation paths).
Confidence: 62%, Severity: 52%
SKILL.md
Anomaly (LOW)
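The skill's overall purpose is largely consistent with its main capabilities; it looks like a multi-platform research/scraping skill rather than obviously malicious content. However, it introduces browser automation, third-party scraping/API services, and multiple optional credentials, and it lacks actual code that would allow verifying that credentials are sent only to official endpoints. It should therefore be rated as medium risk leaning toward suspicious, rather than confirmed malicious.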
Confidence: 81%, Severity: 58%
Audit Metadata