clarvia-aeo-check

SUSPICIOUS. The skill’s stated purpose mostly matches its capabilities, but trust is weakened by an unpinned `npx -y` installer and unclear first-party ownership across Clarvia-related domains and hosting. No strong credential-harvesting or overtly malicious behavior is shown, but the install path and endpoint provenance make it higher risk than a typical documentation-only skill.