model-provider

SUSPICIOUS: the skill is mostly coherent and narrowly scoped, but it routes model access through KIE, a third-party intermediary, while recommending models like Sora 2 without pointing to official OpenAI access. This is not confirmed malware, but it creates moderate security and data-flow risk because API credentials and media generation traffic go to a non-official gateway.