ops-integrate

SUSPICIOUS: the skill’s core function is coherent, but it persistently stores raw credentials and then sends them to arbitrary discovered or user-supplied API endpoints without strong endpoint verification. No malicious installer or covert exfiltration is evident, yet the combination of credential handling, shared registry exposure, and untrusted discovery makes the skill medium risk.