faceswap

SUSPICIOUS. The main behavior aligns with a cloud face-swap service and uses same-domain API auth, so this is not clearly malicious. However, it uploads sensitive biometric media to external storage, returns public URLs, and instructs installation of a second skill whose exact official identity was not well verified, creating moderate supply-chain and privacy risk.