search-room

SUSPICIOUS: the skill’s purpose is coherent and scope is narrow, but it relies on an unpinned `npx` execution path for a not-clearly-verified publisher/package and hides the actual backend data flow inside the CLI. No clear signs of credential harvesting or malicious behavior, but install trust is only medium.