get-qodo-rules
Audited by Socket on Mar 12, 2026
1 alert found:
Obfuscated File

The skill is principally a legitimate repository-rule loader that fetches rules from a known platform using a local API key and environment configuration. Its data flows are coherent with the described purpose: locally stored credentials feed a remote API to retrieve rules, which are then formatted and applied to code tasks. Security posture is moderate: credential handling exists and must be protected from logging or inadvertent exposure, and network calls should be made with proper TLS and scope-conscious endpoints. No unverifiable binaries or credential-forwarding to third-party tools are indicated. Overall, the skill appears BENIGN with notable but manageable security considerations (credential exposure risk and network security).