eightctl

SUSPICIOUS: the skill’s purpose and capabilities mostly align, but it asks the agent to install and trust a personal third-party CLI, hand over account credentials, and perform real-world device actions through an unofficial API. This is not confirmed malware, but the trust and credential-forwarding footprint is broader than a low-risk utility.