squad

SUSPICIOUS: the skill is broadly aligned with task-board management, but it forwards auth tokens and project/task data to a configurable backend that is only visibly represented by a vercel.app deployment, with key auth/setup details hidden in referenced files not provided here. No malware indicators or remote installer behavior are present, but endpoint provenance and credential routing are insufficiently verifiable.