struere-developer

SUSPICIOUS. The skill's purpose largely matches its capabilities, but it grants an AI agent authority to fetch untrusted external docs, modify code, manage platform keys, and automatically sync/deploy without per-action approval. The main issues are autonomy and remote-content influence, plus moderate install trust uncertainty around the Struere CLI/package; there is no strong evidence of credential theft or covert exfiltration.