dex-skill

The Dex skill description presents a coherent, legitimate workflow for a personal CRM toolchain with MCP/CLI integrations. The primary activities involve OAuth/device-code authentication, local credential storage, and CLI/MCP-based data management for contacts and CRM artifacts. While distribution via GitHub Releases and device-code flows introduce typical supply-chain risk surfaces, there is no clear evidence of malicious behavior, credential harvesting beyond normal flows, or autonomous real-world actions. The footprint is proportionate to the stated purpose, but the reliance on local credential storage and external distribution sources warrants careful supply-chain hygiene (signature verification, restricted scopes, and clear user consent). Overall assessment: BENIGN with MEDIUM security risk due to distribution and credential handling patterns.