ziqx_auth_sdk

SUSPICIOUS: the skill's purpose and capabilities mostly fit an auth SDK integration, but the core dependency cannot be clearly verified from public evidence and the documented API appears inconsistent with the publicly found package. No overt malware or exfiltration pattern is shown, but provenance uncertainty and a token-to-client example raise medium supply-chain and credential-handling risk.