iblai-chat

SUSPICIOUS. The core behavior mostly fits a hosted chat-widget integration, but the skill’s footprint includes forwarding localStorage-based auth context to an iframe and relying on a proprietary CLI plus other skills not fully shown here. That is not clearly malicious, yet it creates meaningful supply-chain and data-flow trust concerns that are broader than a simple UI component wrapper.