creator-scraper-cv

The skill is mostly aligned with its stated SaaS scraping purpose, and its credential needs are proportionate. The main security concern is the default non-TLS API endpoint, plus external OSS/webhook data flows and a user-overridable base URL; these make the skill suspicious rather than clearly malicious.