vercel-ai-sdk

SUSPICIOUS. The skill's capabilities mostly match its stated purpose as an LLM SDK guide, and its install path is standard PyPI/uv rather than a raw downloader. The main concern is provenance mismatch: the branded package is maintained by a third party, not a verifiable Vercel publisher, plus optional gateway/MCP patterns introduce extra trust and data-routing risk. This looks more like a moderately risky third-party developer skill than overtly malicious content.