zai-cli
Warn
Audited by Socket on Mar 24, 2026
1 alert found:
Anomaly (LOW): SKILL.md
SUSPICIOUS. The core purpose is plausible and the documented service domains are official Z.AI properties, but the skill relies on runtime execution of an npm CLI whose official publisher relationship was not established in the provided evidence, while also forwarding an API key to that CLI. Broad Bash/file permissions and processing of untrusted web/repo content further raise risk. Main concerns are supply-chain trust, credential forwarding, and prompt-injection exposure rather than confirmed malware.
Confidence: 82%
Severity: 68%
Audit Metadata