share-of-voice

SUSPICIOUS. The skill’s overall purpose is coherent, but its trust boundary is weak: it relies on unverifiable local helper scripts and references MCP integrations whose official provenance is unclear for some vendors. Data collection and credential use are mostly proportionate to share-of-voice analytics, so this is not confirmed malware, but the unresolved executable provenance and third-party server trust make it a medium-risk skill.