ops-voice

SUSPICIOUS. The core voice capabilities align with the stated purpose and use official service endpoints, but the setup workflow is overly invasive: it reads raw secrets from multiple local stores, scans all Doppler projects/configs, and validates found keys over the network. Combined with autonomous phone-call capability, this makes the skill higher-risk than a normal voice utility even without clear evidence of malicious exfiltration to attacker-controlled hosts.