pp-opensnow

SUSPICIOUS: the stated purpose is coherent for a snow-forecast skill, but the footprint includes external CLI/MCP installation, credential forwarding into that CLI, query-parameter token use, and optional arbitrary webhook delivery. These are proportionate enough to avoid a malicious label, yet they materially increase trust and data-flow risk beyond a simple read-only weather skill.