hevy

SUSPICIOUS/HIGH-RISK skill. Its stated purpose fits Hevy workout management, and the documented API domains are coherent with Hevy, but the required `hevy` CLI is an undocumented, unverifiable binary that receives the user's Hevy API key. Under the mandatory scoring rules, that combination warrants high security risk and elevated malware probability despite no confirmed malicious endpoint or payload.