laohan-redian

SUSPICIOUS. The core purpose is coherent for a news-trending aggregator, and the documented AIHOT/OpenCLI data flows look legitimate. Main risk comes from executing an unverified local `douyin-ai.js`, broad Bash permissions, and an underspecified Scrapling fallback; these make the skill higher-risk than a simple documentation-only fetcher, but there is no clear evidence of credential theft or malicious exfiltration.