pii-detect

SUSPICIOUS. The skill's stated purpose is coherent, but its footprint routes highly sensitive input to third-party claude-flow MCP tools with limited transparency about endpoint handling, and it grants unnecessary Bash access. No direct malware behavior, credential theft, or covert execution is shown, but external processing of PII makes this a medium-risk skill.