interactive-widget

SUSPICIOUS. The skill’s purpose and capabilities broadly align, but its core function depends on an externally hosted service and CLI whose publisher relationship and official provenance could not be verified. Data flows are consistent with widget hosting, yet permanent remote artifact upload plus opaque CLI trust make the overall risk medium-high rather than benign.