meitu-ai

SUSPICIOUS: The skill’s stated purpose and behavior are mostly coherent for a lightweight router, with no clear malicious or unrelated capability. The main risk is trust in the external meitu-cli/delegated tooling: the package appears to come from official PyPI but lacks strong evidence of being published by the same org as Meitu, and credentials may flow through that dependency. This is more a supply-chain and credential-forwarding concern than confirmed malicious behavior.