vector-cluster

SUSPICIOUS: the skill is not overtly malicious, but its actual footprint is inconsistent with its stated vector/namespace purpose and it executes a mismatched external npm package version via npx. Main concern is install/provenance ambiguity and purpose-capability misalignment, not confirmed credential theft or exfiltration.