hypermoji

SUSPICIOUS: The skill’s stated purpose matches its commands, and it avoids direct credential scraping, but it delegates authenticated operations to an external CLI whose publisher/provenance was not clearly verifiable from public evidence. Main risk is supply-chain and credential trust in the CLI rather than overtly malicious behavior in the skill text.