claude-code-plugin-hacker

SUSPICIOUS. The skill’s purpose is coherent with local plugin debugging, and it does not fetch remote payloads or route data to third-party services. However, it instructs the agent to execute plugin-defined commands via eval, rebuild third-party dependencies, and make bulk destructive edits/removals in cached plugin code, which creates meaningful local code-execution and integrity risk even though the behavior broadly fits the stated purpose.