configure-metrics

SUSPICIOUS. The skill’s capabilities are largely aligned with its stated purpose and data flows appear first-party to Coval, but it relies on an external coval CLI whose installer provenance and release verification were not established. That makes this primarily a supply-chain trust concern rather than evidence of malicious intent.