live-dashboard

SUSPICIOUS. The stated purpose is plausible, but the actual trust model is weak: the skill reads locally stored marketing credentials and routes them through multiple unverified MCP connectors, including an unverified Looker Studio MCP path, instead of clearly documented official vendor auth/API flows. That mismatch raises medium-high security risk even without explicit malware behavior.