last30days

SUSPICIOUS. The stated purpose is coherent, and the OpenAI/xAI capabilities are plausible, but the skill's main executable is a community-owned, unverifiable local script that receives API keys. That credential-forwarding path and lack of provenance make the overall risk high even without confirmed malicious behavior.