viboscope

SUSPICIOUS. The skill's core purpose is plausible, but its actual footprint is broader than necessary: mutable remote installation, weak provenance, raw credential-file handling, and transmission of local workspace/conversation context to a remote matching API. Data flows are first-party to viboscope.com rather than an obvious exfiltration service, so this is not confirmed malware, but it is a high-risk skill for privacy and supply-chain reasons.