cost-tracking

Warn

Audited by Socket on Mar 16, 2026

1 alert found:

Anomaly (LOW)
SKILL.md

SUSPICIOUS. The core skill is largely aligned with cost tracking and mostly uses official Anthropic and Vercel billing endpoints, but it introduces medium-high risk through an optional third-party Vantage MCP path that forwards high-value billing credentials and data outside official service APIs. The `npx ccusage@latest` path is also an unpinned supply-chain risk. No confirmed malware or clear exfiltration beyond the disclosed third-party dashboard flow.

Confidence: 89%
Severity: 68%
Audit Metadata

Analyzed At: Mar 16, 2026, 03:29 AM
Package URL: pkg:socket/skills-sh/b-open-io%2Fprompts%2Fcost-tracking%2F@d1320365f14074c24e37d7074cfaaf859c22c2d1