things-manager

SUSPICIOUS. The purpose is coherent for task management, but the trust and data-flow model is not: the skill installs an unpinned personal-repo CLI and forwards raw Things credentials to it for an unofficial direct-cloud integration that the vendor does not support. This is better classified as high-risk vulnerable tooling than confirmed malware.