nso-device-ops

SUSPICIOUS: the skill's NSO-focused capabilities mostly match its purpose, but trust is weakened because credentials are forwarded to a third-party MCP server package not published by Cisco, the skill permits insecure transport defaults (`http`/optional TLS verification), and it references additional outbound logging/export workflows. This looks more like a medium-risk operational integration than confirmed malware, but it should be treated as requiring careful trust review and explicit approval for sync/log/export actions.