python-sdk

SUSPICIOUS: the core Python SDK documentation is mostly coherent and uses an official pip package, but the skill also pushes unrelated/transitive skill installations and includes agent patterns that combine remote content ingestion with execution-capable tools. This is not confirmed malware, but it carries medium risk beyond a narrowly scoped SDK guide.