pixel-capi

SUSPICIOUS: The skill’s stated purpose largely matches its Meta Pixel/CAPI behavior and official Meta API data flow, but it introduces an unnecessary, unverified 'social-cli' token acquisition path and advises reading a raw token from ~/.social-cli/config.json. That third-party credential path is the main risk; without it, the skill would be largely benign.