cisco-support-cli

SUSPICIOUS. The skill’s purpose and requested Cisco credentials are broadly coherent, and the documented data flow points to official Cisco APIs. The main concern is install/execution trust: a third-party npm CLI from a personal author is asked to store and use Cisco OAuth credentials, while the exact package provenance and runtime behavior are not fully verifiable from the provided skill text. This is not confirmed malware, but it carries meaningful supply-chain and credential-forwarding risk.