zoe-heartbeat

SUSPICIOUS. The skill’s maintainer-monitoring purpose is plausible, but its actual execution relies on an unverifiable `probe` CLI that appears to store auth and perform networked actions, plus an unverified TTS tool in the reporting path. Autonomous posting and transitive skill loading further increase risk. Main concern is trust and credential/data routing, not confirmed malware.