product-validator

SUSPICIOUS: the skill’s purpose and local execution are broadly coherent, and there is no clear malware behavior or supply-chain lure. The main concern is data-flow integrity: it requires credentials for a NexScope proxy and sends requests through proxy endpoints that are not publicly verifiable as official upstream APIs, creating moderate trust and transparency risk.