inai-hono-sdk

SUSPICIOUS. The skill’s capabilities fit its stated auth-integration purpose and do not request disproportionate credentials or stealthy access, but the publisher/package/API provenance for the inai-dev ecosystem could not be independently verified. This makes the main risk an unverified third-party auth dependency and endpoint trust issue rather than confirmed malware.