cekura-coordinator

SUSPICIOUS. The coordinator’s stated purpose is coherent and mostly benign, but the surrounding documented workflow introduces moderate trust risk: it can route into other skills and, for some MCP setups, relies on third-party mcp-remote that may receive Cekura API keys. This is not confirmed malware and does not show incompatible behavior inside the skill itself, but the transitive trust chain and credential-forwarding pattern make it riskier than a simple help/router skill.