groovy

SUSPICIOUS: the core capability matches running Groovy scripts, but the skill is oddly coupled to the third-party X-CMD wrapper instead of official Groovy tooling. This creates moderate install-trust risk from remote installer usage, but there is no evidence of credential harvesting, proxying, or exfiltration.