deepseek

SUSPICIOUS: the skill’s core purpose is coherent, but it routes DeepSeek access, authentication, and action execution through Membrane rather than the official DeepSeek API. Installation source is relatively trustworthy via npm and official docs, so this is not confirmed malware; however, third-party credential handling, request logging/data retention, and dynamic action generation make the data flow and trust model broader than a simple DeepSeek integration.