davinci-resolve

Warn

Audited by Socket on Mar 18, 2026

1 alert found:

Anomaly (LOW)
SKILL.md

SUSPICIOUS. The core Resolve scripting examples are coherent and locally scoped, but the optional MCP integration introduces an unverified local server and arbitrary script execution capability without provenance details. No direct credential theft or external exfiltration is evident, so this is not confirmed malware, but the MCP portion raises meaningful security risk.

Confidence: 84%
Severity: 57%

Audit Metadata

Analyzed At: Mar 18, 2026, 07:15 AM
Package URL: pkg:socket/skills-sh/phuetz%2Fcode-buddy%2Fdavinci-resolve%2F@44f167489d17de405ec4aed6efb2a939558154d5