nautobot-sot

SUSPICIOUS. The skill’s functionality is coherent and mostly proportionate for a read-only Nautobot IPAM integration, with no clear exfiltration or malicious mismatch. However, it installs and executes a non-official third-party MCP server from a mutable GitHub checkout and forwards a Nautobot API token into that code, creating meaningful supply-chain risk.