tracekit-nextjs-sdk

SUSPICIOUS. The core behavior is mostly coherent for a Next.js observability integration and data flows go to same-brand TraceKit endpoints, but trust is weakened by the undocumented local auth script, the requirement to invoke another skill first, and only partial verification of the exact SDK/CLI publication path. This looks more like a legitimate-but-medium-risk vendor setup skill than clear malware.