babeliocli-discover

SUSPICIOUS: the stated purpose is coherent and the data flow targets the apparent official Babelio domain, with no credential harvesting or proxying. However, the core dependency `babeliocli` is an unverifiable external binary with no documented provenance, so install/execution trust is not established and overall risk remains high despite otherwise limited scope.