google-docs

SUSPICIOUS. The core Docs/Drive operations and official Google data flows align with the stated purpose, and install sources look legitimate. However, the skill's required OAuth scopes are materially broader than necessary for a Docs/Drive skill, and shared token reuse across multiple Google skills increases credential exposure and impact. Overall this looks like a legitimate productivity skill with overbroad access rather than confirmed malware.