bni-121

SUSPICIOUS: The skill’s core purpose is coherent, and data is routed to official BNI domains, but it is high-trust automation that collects raw credentials, extracts JWTs from browser localStorage, uses undocumented internal APIs, and has broad execution permissions. This looks more like risky account automation than confirmed malware.