nugs

The skill footprint is largely coherent with its stated purpose (Nugs.net cataloging, downloading, and management with optional cloud uploads). However, several risk signals are present: plaintext credentials in the config, outbound cloud upload capability via rclone, and potential autonomous gap-filling downloads. These factors yield a MEDIUM risk posture with notable concerns around credential handling and external data exfiltration risk if misused. No evidence of exploit tooling or mal intent is observed, but credential exposure and third-party data sinks keep the assessment at suspicious-to-MEDIUM risk rather than clearly benign.