ecom

SUSPICIOUS. The skill’s stated purpose and local file flows are coherent for ecommerce analytics, and there is no evidence of credential harvesting or external data routing. However, the core capability relies on an undocumented local CLI/runtime whose provenance cannot be verified from the skill text or official docs, creating a mandatory high supply-chain risk even without stronger signs of malicious intent.