card

SUSPICIOUS. The core card-generation workflow is coherent, but the skill’s trust model is weakened by mandatory login, explicit token-file use, and especially autonomous install/upgrade of an external CLI whose official provenance is not established in the provided evidence. This looks more like a legitimate hosted-tool skill with notable supply-chain and credential-handling risk than confirmed malware.