design-api

SUSPICIOUS. The core API-design behavior is coherent, and the external endpoints appear to be official for their stated services, so this is not confirmed malware. However, the skill expands scope by sourcing shell profiles for API keys, uploads user-generated specs to a third-party linting service, and uses unpinned runtime/package-CDN dependencies for preview; these are proportionate enough to avoid a malicious verdict but create meaningful security and privacy risk.