deepseek

SUSPICIOUS: The skill’s purpose is coherent, but it relies on a third-party X-CMD CLI rather than an official DeepSeek client, uses remote-script installation, and asks users to hand their DeepSeek API key to that CLI. This is not confirmed malware, but the install path and credential-forwarding design create medium security risk and weaken data-flow integrity.