zr-doctor

SUSPICIOUS: the skill’s stated purpose is coherent, but it hinges on an unverifiable `probe` CLI that appears able to modify auth, wallet, and registration state. There is no explicit exfiltration or deceptive behavior in the skill text, yet the opaque third-party binary and sensitive onboarding actions make the trust and data-flow model too uncertain to treat as benign.