LLM

SUSPICIOUS: the skill is mostly aligned with its stated LLM-chat purpose and lacks overt malicious behavior, but trust is reduced by weak first-party provenance for the exact SDK package and by configurable baseUrl routing that could send prompts and credentials to non-official endpoints. Overall this is a moderate-risk backend integration skill rather than confirmed malware.