scry

SUSPICIOUS: the core API usage is coherent and same-brand, with no clear credential harvesting or off-brand proxying. However, the skill is not purely read-only in practice: it can publish shares/judgements/feedback externally, processes untrusted corpus content, and instructs transitive `npx skills` installation/update. Overall this looks product-consistent but medium-risk rather than fully benign.