Cn Ecommerce Search
Pass
Audited by VirusTotal on May 12, 2026.
Findings (1)
The skill bundle is classified as suspicious due to the use of `npx -y @shopmeagent/cn-ecommerce-search-mcp` in `SKILL.md`. While the stated purpose is benign (running an e-commerce search skill), `npx` downloads and executes an arbitrary npm package, which represents a significant supply chain risk. This is a risky capability involving shell execution and network access to an external registry, even if plausibly needed for the skill's operation, and could lead to arbitrary code execution if the npm package were compromised.
