magic-link-auth-companion

SUSPICIOUS: The skill is broadly aligned with magic-link auth management, but it routes sensitive token operations to a custom, configurable external backend and includes a local revocation script whose provenance is not verifiable from the snippet. No clear malware or overt credential theft is present, but the external data path and operational scope make it a medium-risk skill.