mocreo-api

Warn

Audited by Socket on Mar 16, 2026

2 alerts found:

Anomaly x2

Anomaly: LOW
mocreo-smart-system/SKILL.md

SUSPICIOUS: The skill is broadly coherent with a legitimate MOCREO device-management integration and appears to target official service APIs, not an obvious third-party interception domain. Main concerns are automatic dependency installation from an unseen requirements file, persistent storage of credentials/tokens/API keys in .env, and agent-enabled side-effecting actions including API key management and export-to-email. This is not confirmed malware, but it carries moderate security risk due to secrets handling and unverifiable local script behavior.

Confidence: 81%
Severity: 54%

Anomaly: LOW
SKILL.md

SUSPICIOUS: The skill’s purpose broadly matches MOCREO device management, and official MOCREO domains exist, but the trust boundary is the unseen local login/setup scripts that collect account credentials and may make network calls. With no remote installer or obvious exfiltration endpoint shown, this is not confirmed malicious, but credential handling and shell-based execution create medium risk until the scripts and endpoints are reviewed.

Confidence: 78%
Severity: 58%

Audit Metadata
Analyzed At: Mar 16, 2026, 02:55 AM
Package URL: pkg:socket/skills-sh/mocreo-iot%2Fskills%2Fmocreo-api%2F@89f53a9f2c848026cc016348b5cfa9f254ac125a