javascript-sdk

SUSPICIOUS: the core SDK documentation is largely coherent and uses standard npm distribution, but the skill is broadened by explicit transitive skill-install instructions and agent/tool patterns that expand trust beyond a simple JavaScript SDK. The main concern is scope creep and external skill installation, not confirmed malware.