motion

Warn

Audited by Socket on Mar 11, 2026

1 alert found:

Security: MEDIUM
SKILL.md

The Motion Skill presents a coherent high-level purpose (AI-powered calendar and task management) but embeds a notable supply-chain risk via curl|bash installation from an external URL and unverifiable binaries. It also relies on multiple credential inputs and browser automation for authentication, leading to potential credential exposure and data flow to external services. The combination of unverifiable install, mixed credential handling, and browser automation creates elevated security risk and warrants treating this as SUSPICIOUS to HIGH risk pending stronger supply-chain assurances (checksum/signature verification, official registries, and explicit, bounded data-flow diagrams).

Confidence: 98%
Severity: 75%

Audit Metadata

Analyzed At: Mar 11, 2026, 06:44 PM
Package URL: pkg:socket/skills-sh/NeverSight%2Flearn-skills.dev%2Fmotion%2F@f57c93ec97512ecc75c587e51a6ce23bdd474eb7