ai-video-calls-tavus

SUSPICIOUS. The skill's purpose is plausible, but its actual footprint is not well aligned: it reads a local Gooseworks credential file and forwards requests through Gooseworks proxy endpoints instead of Tavus official APIs. That intermediary data flow, combined with direct credential-file access and only partially verifiable Gooseworks CLI/package provenance, creates medium-high security risk without enough evidence for confirmed malware.