ops-settings

SUSPICIOUS. The skill’s main behavior is broadly consistent with a credential/settings manager, and most data flows go to official service endpoints or official CLIs. However, it centralizes many secrets, performs live credential validation over the network, and includes a Doppler smoke test that installs and runs an npm package on demand with a token in scope, which creates disproportionate supply-chain and credential-forwarding risk for a settings skill.