sales-clay

SUSPICIOUS. The core Clay-help purpose is mostly coherent and there is no direct credential theft or exfiltration behavior, but the skill contains a transitive installation instruction for another skill via an unpinned remote installer, and the referenced target is not clearly attributable to the stated publisher. Main risk is trust expansion and supply-chain exposure, not confirmed malware.