social-sentiment

SUSPICIOUS: the skill's analytics purpose is coherent, but it depends on a non-Xpoz third-party CLI and a separate setup skill for authentication, creating transitive trust and credential-forwarding concerns. Data flows appear consistent with Xpoz's service rather than obvious exfiltration, so this looks more like a medium-risk integration pattern than confirmed malicious behavior.