open-agent-sdk-typescript

SUSPICIOUS: the skill is broadly aligned with its stated purpose as an agent SDK guide, and the main package install path is coherent. However, its footprint is high-risk for agent use: autonomous permission bypass, shell/file/git capabilities, npx-fetched MCP servers, and optional routing of API traffic through third-party OpenRouter. This looks more like a powerful but risky developer skill than malware.