acomo

SUSPICIOUS. The skill’s purpose and credential scope are mostly coherent for an API/CLI usage guide, and there is no clear exfiltration behavior. However, it requires an external acomo CLI without giving a verifiable install source or release provenance in the skill, so trust in the executable is not established and overall risk remains high under the unverifiable-binary rule.