codexsaver-cost-router

SUSPICIOUS: the skill’s core behavior is broadly aligned with cost-aware LLM routing, but its trust chain is weaker than claimed because installation comes from a mutable GitHub repo owned by a different entity than the stated publisher. Data flows and credential use are mostly proportionate, yet the repo-installed MCP tool receives API keys and code context and forwards them to third-party model providers, creating meaningful supply-chain and data exposure risk.