api-connector

SUSPICIOUS. The skill is largely aligned with its stated purpose and routes data to official APIs, with no clear malware, hidden exfiltration, or suspicious installer. However, its scope is very broad and it grants an AI agent the ability to perform real-world actions across many services—including payments, email, messaging, webhooks, and code generation—using stored credentials, which makes the overall security risk high despite coherent purpose alignment.