kwc-vue-development

SUSPICIOUS. The skill’s stated purpose is coherent, and there is no clear credential theft or exfiltration behavior, but it relies on an unverifiable local `kd` CLI, partially unverifiable `@kdcloudjs/*` packages, and a transitive dependency on another skill. That makes the trust footprint too high for a simple Vue development helper, so this is high security risk but not confirmed malware.