inno-rclone-to-overleaf

SUSPICIOUS. The skill’s purpose broadly matches its capabilities, and data flows target official Overleaf endpoints, but it relies on an unofficial third-party CLI that reads browser cookies/keychain data for authentication. That credential model and the ability to modify remote documents create medium risk, though there is no clear evidence of overt exfiltration or malware.