tracekit-nuxt-sdk

Suspicious rather than clearly malicious. The Nuxt instrumentation, npm install path, and app.tracekit.dev telemetry endpoint are broadly consistent with an APM SDK, but the skill overreaches by chaining into an unreviewed auth skill/local script, minimizing user awareness during account/auth setup, and forwarding credentials to a CLI with limited provenance evidence.