asc-customer-reviews

SUSPICIOUS: the skill’s purpose is coherent, but it routes Apple account credentials through a non-Apple third-party CLI with unpinned install paths, and some documented commands were not verified against upstream docs. Data flow appears aimed at official Apple APIs, so this is not confirmed malware, but it carries meaningful supply-chain and credential-forwarding risk.