kroger-search

SUSPICIOUS: the skill’s purpose is plausible, but its core dependency and authentication flow are not verifiably tied to Kroger or the skill author. Requiring users to install an unclear third-party CLI and log in through it creates meaningful supply-chain and credential-forwarding risk without enough provenance evidence.