ai

SUSPICIOUS. The skill's core purpose is coherent for an AI SDK guide, and the credential scope is mostly proportionate, but the install/package provenance is not cleanly aligned with Vercel's official tooling, and the MCP example adds transitive remote-execution risk. Main concern is supply-chain and proxy/data-routing trust, not confirmed malware.