dot
Warn
Audited by Socket on Mar 11, 2026
1 alert found:
Anomaly (LOW)
SKILL.md
The skill's stated purpose (querying company data via Dot) is coherent with its described usage. However, the install approach (remote installer scripts from a single vendor domain and reliance on a proprietary CLI outside official registries) and the implied data flow to external Dot endpoints introduce notable supply-chain and data-exposure risks. The credential handling is not defined in detail, increasing exposure potential. Overall, the footprint is suspicious and warrants mitigations (verifiable installation from trusted registries, explicit data-flow governance, and explicit credential handling safeguards).
Confidence: 65%
Severity: 65%