kimi-pdf

SUSPICIOUS. The stated purpose is coherent for a PDF skill, but the required execution path relies on an unverified local wrapper script and a fix flow that likely installs additional tooling. Combined with external-search ingestion and runtime downloads by Playwright/Tectonic, this makes the skill high security risk despite no clear evidence of credential theft or confirmed malicious intent.