shodan-reconnaissance

SUSPICIOUS. The skill is internally coherent and uses official Shodan tooling and endpoints, so it does not look like credential theft or a deceptive supply-chain lure. However, its purpose is explicitly penetration-testing reconnaissance and active scanning, which gives an AI agent offensive security capability with real external impact; that makes the skill high-risk even though the install path and data flow are otherwise legitimate.