bkn-creator
Audited by Socket on Apr 29, 2026
2 alerts found:
Anomaly x2
SUSPICIOUS: The skill is broadly consistent with a first-party platform CLI and uses a normal npm install path, so it is not clearly malicious. However, it grants wide operational power, relies on local reusable credentials in ~/.kweaver, can print tokens, supports generic API calls and file/URL handling, and includes transitive skill installation; these make the overall footprint medium risk and worth caution.
SUSPICIOUS: The visible bridge skill is mostly a router, but its real behavior is hidden in local pipeline/sub-skill files and an undisclosed bundled KWeaver CLI. There is no direct evidence of credential theft or malicious exfiltration in this excerpt, yet the opaque transitive execution model and unresolved CLI provenance create medium security risk until the internal files and bundled tool are reviewed.