kairos-code

SUSPICIOUS. The skill’s stated purpose is coherent, but it delegates execution to an unverifiable external KAIROS MCP server that can mint/update protocols and drive the agent through remote next_action steps. There is no direct credential harvesting or obvious malware behavior in the skill text, but the trust and remote-control model create meaningful security risk.