pagerduty-oncall

SUSPICIOUS. The skill's purpose and local data handling are largely coherent for PagerDuty incident investigation, but it requires a PagerDuty API token to be passed into an unmaintained third-party personal CLI rather than an official PagerDuty tool. That dependency and credential-forwarding model create disproportionate trust and supply-chain risk even without clear evidence of active exfiltration.