quota-reporter

Warn

Audited by Socket on May 11, 2026

1 alert found:

Security: MEDIUM
SKILL.md

SUSPICIOUS. The skill’s actual footprint is inconsistent with a simple quota-reporting utility: it centralizes and uploads local auth, fetches replacement credentials from a third-party hub, persists a personal token, self-updates from GitHub main, and runs continuously. Even if framed as team auth rotation, the data flows and privileges are disproportionate and create a high risk of credential theft or account misuse.

Confidence: 95%
Severity: 94%

Audit Metadata

Analyzed At: May 11, 2026, 03:43 AM
Package URL: pkg:socket/skills-sh/callzhang%2Fquota-report-hub%2Fquota-reporter%2F@be71ac27d987a12243ec1e24aded46096d687878