synthesize

SUSPICIOUS: the skill’s core behavior matches text-to-speech, but it depends on a nonstandard local Kokoro wrapper installed via another skill rather than a clearly official upstream CLI. No clear exfiltration or credential abuse is present, so this looks like a moderate supply-chain and transitive-trust risk, not confirmed malware.