riksdag-regering-mcp

SUSPICIOUS. The skill’s data-research purpose is broadly coherent, but trust signals are inconsistent: claimed maintainer identity does not align with cited repo ownership, the production MCP endpoint is hosted on a third-party Render domain, and some content is fetched through g0v.se instead of only official government APIs. These are proportionate functionality-wise but create medium supply-chain and data-flow trust risk rather than clear malware evidence.