deepseek-api

SUSPICIOUS: The skill's purpose matches an API-broker service, but it routes prompts and credentials through SkillBoss instead of DeepSeek, and it relies on a same-domain remote shell installer that could not be independently verified. This is not confirmed malware, but the intermediary data flow and unverified install path create meaningful supply-chain and trust risk.