otel-expo-style

SUSPICIOUS: the skill's observability purpose is plausible, but it goes beyond styling by directing users to embed a live ingest key in client source and route telemetry, including business attributes and auto-instrumented request metadata, to a third-party endpoint. Install provenance appears same-org and not overtly malicious, so this looks more like overbroad credential/data handling than confirmed malware.