exa-install-auth

SUSPICIOUS. The skill's purpose is legitimate, but its install instructions point to package names that do not match Exa's official SDKs while also guiding the user to store an Exa API key for those packages. Auth setup itself is normal, but the dependency provenance is inconsistent with the claimed vendor integration, making the overall skill high risk.