joy-check

SUSPICIOUS due to one main issue: the skill depends on an unverifiable local scanner script outside the reviewed skill contents. Aside from that, capabilities are coherent with a local framing-check tool, permissions are moderate, and there is no sign of credential harvesting or outbound data exfiltration.