eightctl
Warn
Audited by Socket on Mar 8, 2026
1 alert found:
Anomaly (LOW)
SKILL.md
The skill shows coherence with its stated purpose of controlling Eight Sleep pods but exhibits notable security concerns: unverified binary installation from a GitHub source, dual credential surfaces (config.yaml and env vars) with potential exposure, and undocumented API endpoints. These factors yield a suspicious to high-risk profile due to credential handling and supply-chain uncertainties. Recommend tightening by using verifiable, signed releases from official registries, documenting and constraining credential access, and detailing TLS/endpoint security and token handling.
Confidence: 62%
Severity: 68%
Audit Metadata