valyu-search

SUSPICIOUS. The skill's capabilities and first-party data flows are broadly consistent with a Valyu API integration, and there is no strong sign of credential theft or malicious redirection. The main concerns are trust in an unverifiable marketplace-packaged local wrapper and the instruction to pass the API key as a command-line argument, which creates unnecessary credential exposure.