rollbar-reader

SUSPICIOUS: the skill’s purpose largely matches its behavior, but it depends on a non-official third-party Rollbar CLI, installs it globally from an unpinned npm package, and forwards Rollbar tokens through that tool. This is a coherent observability skill with meaningful supply-chain and credential-handling risk, not clear malware.