cost-export

SUSPICIOUS. The skill’s core behavior matches its stated observability-export purpose, and there is no installer or obvious hidden payload. However, it sends internal telemetry to arbitrary external webhooks and can forward Authorization headers to those endpoints, making data-flow trust the main risk. This is not confirmed malware, but it has medium-high security risk due to external export and credential-forwarding potential.