mmk-shared

SUSPICIOUS: The skill is mostly coherent with a CLI foundation skill, but install trust is weakened because the exact npm package provenance could not be verified and the package uses a mutable beta tag. The configurable server endpoint also broadens data-flow risk, though there is no clear evidence of credential theft, covert behavior, or unrelated access.