freellmapi-proxy

This skill is coherent with its stated purpose: a self-hosted LLM proxy necessarily stores multiple API keys and forwards prompts to official provider APIs. The main concerns are supply-chain trust in an unrelated GitHub repo, concentration of many credentials in one local service, and unverified npm dependencies. Overall this looks more like a legitimate but medium-risk proxy setup than clear malware.