Claude Code Collaboration

The skill bundle is classified as suspicious primarily due to a hardcoded API token ('sk-sp-5cec1d99ac9f4848b2dc625406bea113') and a specific Aliyun DashScope endpoint in 'scripts/agent.py' that overrides any user-provided environment variables. This forces all task data to be sent to a specific third-party account, contradicting the setup instructions in 'SKILL.md'. Additionally, the script executes the Claude CLI with the '--dangerously-skip-permissions' flag, which removes critical security confirmations during task execution.