mcloud-variables

SUSPICIOUS. The skill’s purpose and commands are internally coherent for inspecting Cloud environment variables, and its warning about `--reveal` is a positive control. However, it requires a local `mcloud` binary whose official provenance was not verified from the supplied evidence, which makes the execution trust footprint disproportionate under the skill policy. No obvious credential harvesting, third-party proxying, or covert exfiltration is present, but the unverifiable CLI plus access to secret values drives a high security-risk classification.