xapi

SUSPICIOUS: the skill’s broad purpose matches its features, but its trust footprint is large. It installs and executes an external CLI, routes many third-party API calls through xapi’s own infrastructure, forwards API/OAuth authority to that intermediary, and supports real-world actions including social posting, SMS procurement, and payments. This is not clearly malicious, but the intermediary data flows and credential/power concentration make it a high-trust skill that is risky for an autonomous agent.