fe-codegen-workbench

Warn

Audited by Socket on Jun 26, 2026

2 alerts found:

Anomaly (LOW): SKILL.md

SUSPICIOUS: The overall purpose is broadly consistent with front-end code generation, but two clear classes of risk are present: first, it runs an external scaffolding tool directly through an unpinned `pnpm dlx` invocation; second, it routes design-system content through the third-party `getdesign.md` service by default and requires or recommends chaining into further skills, which widens both the supply chain and the chain of trust. No explicit credential exfiltration, and no capability fundamentally at odds with the stated purpose, was observed, so the skill is not classified as malicious.

Confidence: 86% | Severity: 64%

Anomaly (LOW): .cursor/mcp.json

No direct malicious logic is visible in this snippet, but it substantially increases supply-chain/runtime execution risk by launching an unreviewed local extension artifact (mcp-server.mjs) with user-specific absolute paths and by auto-approving message/session-related MCP actions. The true security posture depends on the implementation of the referenced server module and its dependencies; those should be audited for filesystem access, data transmission, credential handling, and any hidden persistence or tracking.

Confidence: 55% | Severity: 53%
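Both alerts reduce to patterns that can be checked mechanically before a skill or MCP config is trusted: unpinned `pnpm dlx`/`npx` executions, user-specific absolute paths in server launch commands, and auto-approved tool lists. The triage script below is an added example and is not Socket's code nor part of the audited package. The sample SKILL.md snippet and both MCP configs are constructed for illustration; the key names `mcpServers`, `command`, `args`, `autoApprove` and `alwaysAllow`, the tool names `send_message` and `list_sessions`, and the package names are assumptions, and the "hardened" config assumes the client resolves relative paths against the workspace.

```python
"""Triage helper for the two risk classes flagged above (added example, not Socket's code)."""
import json
import re

# `pnpm dlx <spec>` / `npx <spec>` / `yarn dlx` / `bunx`; captures the package spec token.
_DLX_RE = re.compile(r"\b(?:pnpm\s+dlx|yarn\s+dlx|npx|bunx)\s+(?:-y\s+|--yes\s+)?(\S+)")

# Paths rooted in a specific user's home directory (Linux, macOS, Windows).
_HOME_RE = re.compile(r"^(?:/home/[^/]+|/Users/[^/]+|[A-Za-z]:\\Users\\[^\\]+)")


def _is_pinned(spec):
    """True only when the spec ends in an explicit version (not a dist-tag or range).

    rpartition on '@' keeps scoped names intact: '@acme/cli@1.0.0' -> ('@acme/cli', '1.0.0'),
    while '@acme/cli' yields an empty name and is therefore unpinned.
    """
    name, _, version = spec.rpartition("@")
    return bool(name) and re.fullmatch(r"\d[\w.+-]*", version) is not None


def find_unpinned_dlx(text):
    """Return package specs executed via dlx/npx without a pinned version."""
    hits = []
    for match in _DLX_RE.finditer(text):
        spec = match.group(1).strip("`'\"")  # tolerate inline-code quoting in markdown
        if not _is_pinned(spec):
            hits.append(spec)
    return hits


def audit_mcp_config(config):
    """Return (server, issue, detail) tuples for the risk patterns named in the audit.

    Accepts the raw JSON text or an already-parsed dict. Key names are assumptions
    about the client's config schema, not something the audited file confirms.
    """
    if isinstance(config, str):
        config = json.loads(config)
    findings = []
    for name, server in config.get("mcpServers", {}).items():
        argv = [server.get("command", "")] + list(server.get("args", []))
        for token in argv:
            if _HOME_RE.match(token):
                findings.append((name, "user-specific absolute path", token))
        for spec in find_unpinned_dlx(" ".join(argv)):
            findings.append((name, "unpinned package execution", spec))
        approved = server.get("autoApprove") or server.get("alwaysAllow") or []
        if approved:
            findings.append((name, "auto-approved tools", ", ".join(approved)))
    return findings


# Constructed sample: one unpinned scaffold, one pinned tool, one dist-tag (not a pin).
SAMPLE_SKILL_MD = """\
## Scaffold
Run `pnpm dlx create-vite my-app --template react-ts` to bootstrap the project.
Sync tokens with `pnpm dlx @acme/design-sync@0.4.2 pull`.
Then run `npx some-cli@latest init`.
"""

# Constructed config mirroring the flagged shape: user-specific path plus auto-approval.
SAMPLE_MCP_JSON = json.dumps({
    "mcpServers": {
        "workbench": {
            "command": "node",
            "args": ["/Users/alice/.cursor/extensions/workbench/mcp-server.mjs"],
            "autoApprove": ["send_message", "list_sessions"],
        },
        "scaffold": {"command": "pnpm", "args": ["dlx", "@scope/mcp-thing"]},
    }
})

# Same servers after review: repo-relative, committed module; pinned version; no auto-approval.
HARDENED_MCP_JSON = json.dumps({
    "mcpServers": {
        "workbench": {"command": "node", "args": ["./.cursor/mcp-server.mjs"]},
        "scaffold": {"command": "pnpm", "args": ["dlx", "@scope/mcp-thing@1.4.0"]},
    }
})

if __name__ == "__main__":
    for spec in find_unpinned_dlx(SAMPLE_SKILL_MD):
        print(f"SKILL.md: unpinned execution of {spec}")
    for finding in audit_mcp_config(SAMPLE_MCP_JSON):
        print("mcp.json: %s: %s: %s" % finding)
    print("hardened config findings:", audit_mcp_config(HARDENED_MCP_JSON))
```

A clean result from this script is necessary, not sufficient: as the second alert says, the launched `mcp-server.mjs` and its dependencies still have to be read for filesystem access, outbound traffic, credential handling and persistence, and a pinned `pnpm dlx` spec only fixes the version, not the trustworthiness of the package behind it.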
Audit Metadata

Analyzed At: Jun 26, 2026, 09:34 AM

Package URL: pkg:socket/skills-sh/xiaoniuge36%2Fniuge-skills%2Ffe-codegen-workbench%2F@433454d2b12ef5b77be1215624bf095ec04965dcb445ad991289b712f92bce4b