apple

SUSPICIOUS due to install-trust concerns, not behavior. The skill's purpose and local data flows are coherent for an Apple OAuth emulator, but its core dependency is an unpinned `npx` package whose publisher/provenance is not established in the skill, raising supply-chain risk. No evidence of credential harvesting, third-party proxying, or malicious exfiltration appears in the instructions themselves.