cloudflare

SUSPICIOUS. The skill's stated purpose is plausible, but the actual deployment path appears to route code, auth, and optional OpenRouter credentials through a Vibes-managed intermediary rather than direct official Cloudflare API flows. That mismatch and the hidden deploy script make the skill medium-high risk, though there is not enough evidence here to call it confirmed malware.