pp-openalex

SUSPICIOUS: the stated read-only OpenAlex purpose mostly matches the commands, but the skill relies on runtime installation of a third-party CLI from a different publisher identity and includes arbitrary webhook delivery plus optional external feedback posting. This is not clearly malicious, yet its actual footprint is broader than a minimal API query skill and requires moderate trust in external binaries and outbound network paths.