cn-index

SUSPICIOUS. The skill’s purpose is plausible, but it forces all requests through an unverifiable private API on a bare IP, embeds an API key in the skill, and sends that key over HTTP without TLS. The file-copy install is benign, but the actual data flow and credential handling are not trustworthy or proportionate.