cml-topology-builder

SUSPICIOUS. The skill's topology-building capabilities and required CML credentials are broadly consistent with its stated purpose, but it relies on a community-maintained third-party MCP server that receives those credentials. There is no clear evidence of malicious exfiltration, yet the external credential-forwarding trust boundary and undeclared cross-tool references make the overall footprint moderately risky.