qiaomu-opencli-explorer

SUSPICIOUS: the skill’s capabilities mostly match its stated purpose, and the OpenCLI install source appears legitimately same-org. However, the skill is high-impact because it directs an agent to browse arbitrary sites, harvest API behavior from authenticated sessions, intercept requests, generate executable adapters, and potentially publish results. This is not confirmed malware, but it is a medium-high risk automation skill with disproportionate exposure to session credentials and untrusted web content.