bgpt-paper-search

SUSPICIOUS. The skill's purpose and capabilities mostly align, but it expands agent trust to a third-party remote MCP service and an npm-delivered helper (`mcp-remote`). Data flow to BGPT is expected for the feature, yet the indirect routing, mixed publisher identity, and transitive external-service dependency make this medium risk rather than benign.