n8n-cli

SUSPICIOUS. The skill’s functions match n8n administration, but it centers on a non-official third-party CLI and forwards a high-value API key to that tool. Data flows appear intended for the user’s n8n instance rather than an obvious exfiltration endpoint, so this is not confirmed malware, but the install/provenance and credential-forwarding risks are significant.