anylist

SUSPICIOUS. The skill’s purpose is coherent, but its trust model is not: it asks for raw AnyList email/password and routes them through a CLI that could not be verified as official AnyList software. Because a third-party or unofficial CLI receives account credentials, the main concern is credential forwarding and supply-chain risk rather than overt malicious behavior.