techstack-identification

SUSPICIOUS: the skill is internally consistent as a passive tech-stack OSINT recon tool, but its stated use in pentest/CVE workflows gives an AI agent meaningful target-profiling capability. No credential harvesting, exfiltration, or installer abuse is evident, so this looks more like a high-risk security-recon skill than malware.