vault-weekly-maintainer

SUSPICIOUS: the skill's purpose and file-editing scope are coherent for vault maintenance, and there is no direct sign of exfiltration or credential harvesting. However, it delegates core behavior to several unverified local CLIs with unknown provenance, creating a meaningful execution-trust and supply-chain risk even though the wrapper text itself looks benign.