backup

SUSPICIOUS. The core backup/list/restore/delete behavior is broadly aligned with the stated purpose, and the workflow includes strong user-confirmation guardrails. However, the skill handles plaintext secrets, sends them with a container JWT to an internal service whose provenance cannot be independently verified here, and restore can trigger unpinned transitive skill installation via `npx skills install`. That combination makes the overall footprint higher-risk than a typical backup guide, even without clear evidence of malicious intent.