ave-data-wss

SUSPICIOUS: The skill’s capabilities are mostly aligned with its stated purpose, and its credential scope is proportionate. The main concern is data-flow integrity: the authenticated runtime endpoint wss://wss.ave-api.xyz is not clearly documented as an official Ave-owned host in public first-party materials, while docs links point to cloud.ave.ai/doc.ave.ai. Combined with unpinned local dependencies and Docker credential forwarding, this makes the skill medium risk rather than benign, though there is not enough evidence to call it malicious.