dibbla

SUSPICIOUS. The skill is broadly aligned with a platform CLI, but its footprint is high-risk: custom-domain pipe-to-shell installation, remote YAML execution equivalent to `curl|bash`, token persistence into `.env`, and real deployment/secret/database actions. I do not see clear evidence of outright credential theft or covert exfiltration, but the execution and supply-chain trust model are risky enough to classify as suspicious rather than benign.