opensearch-skills

SUSPICIOUS: The skill’s purpose broadly matches trace analytics, but it expands trust to remotely fetched MCP packages, forwards OpenSearch/AWS credentials into those tools, and documents disabling TLS verification. The overall footprint is plausible for the task but carries meaningful supply-chain and credential-handling risk rather than clear malicious intent.

SUSPICIOUS. The core OpenSearch functionality is coherent and the publisher appears legitimate, but the skill expands trust by instructing the agent to install additional skills, run `uvx` MCP servers at `@latest`, and modify local MCP config files. Risk is driven more by transitive installation and external tool execution than by any clear malicious data exfiltration.