lore
Audited by Socket on Apr 14, 2026
2 alerts found:
Security x2
SUSPICIOUS: the skill’s capabilities mostly match its stated purpose, and governance guidance is coherent, but it requires a proprietary Lore CLI that appears only partially verifiable from the provided evidence and directly handles auth tokens/API keys. Under the mandatory overrides, an unverifiable required CLI receiving credentials makes this high security risk even without clear evidence of malicious intent.
SUSPICIOUS. The skill’s capabilities are broadly consistent with a Lore backend management tool, and its data flows appear aimed at Lore-owned services rather than unrelated third parties. However, it relies on a remote-script-installed external CLI whose provenance is not independently verifiable from the evidence provided, and that CLI accepts API keys. This makes the skill high risk on install/execution trust and credential forwarding grounds, despite otherwise coherent purpose alignment.