nodeops-auth

SUSPICIOUS. The skill’s actions mostly match its stated purpose, and there is no clear exfiltration or unrelated access, but the core trust issue is the unpinned external package whose public provenance was not independently verified from the provided evidence. Risk is moderate supply-chain exposure rather than confirmed malicious behavior.