oma-scholar

SUSPICIOUS: the purpose and network destinations mostly fit scholarly sidecar workflows, but the skill’s required `oma scholar` CLI is not verifiably sourced from an official registry or same-org release trail. Because the skill may also pass an optional API key through that opaque executable, the trust gap is disproportionate and triggers high security risk despite otherwise coherent functionality.