kimi-usage-monitor

SUSPICIOUS. The skill’s purpose is coherent, but it is moderately risky because it depends on broad authenticated-browser access via OpenClaw and enables autonomous agent decisions/subagent gating. Data flow appears local-to-official-service with no clear credential harvesting or third-party proxying, so this is not confirmed malicious; the main issues are browser-session scope and installer hygiene.