eightctl

SUSPICIOUS: the skill is purpose-aligned, but it depends on a third-party unofficial CLI from a personal GitHub repo, forwards real account credentials to that tool, and enables real-world device actions. This looks more like a high-impact unofficial integration than malware, but the trust model and mutable install path make it risky.