dune-to-allium

SUSPICIOUS. The skill’s purpose and requested credentials broadly match SQL conversion and API-backed result comparison, and the documented endpoints are official Dune/Allium destinations. However, it instructs the agent to read raw credential files and execute unreviewed local helper scripts, so the real data handling cannot be fully verified from the skill text alone. Risk is moderate rather than clearly malicious.