dfs-keyword-research

SUSPICIOUS: the skill’s purpose is coherent, but it depends on a third-party npm CLI that receives DataForSEO credentials and hides the actual API/auth data flow behind the wrapper. This is not clearly malicious, yet the install trust and credential-forwarding model are riskier than a direct official API integration.