happyhorse

SUSPICIOUS. The core behavior fits a video-generation skill, but it relies on installing another skill and routing usage through the inference.sh/Belt platform instead of a direct Alibaba integration. The CLI appears official and open-source, so this is not confirmed malicious, but the transitive install and credential forwarding make the footprint broader than necessary.