ai

SUSPICIOUS. The skill mostly matches its stated purpose as an AI SDK reference, and there is no direct malware, stealth, or credential theft behavior. However, the install target appears to be a third-party package using Vercel branding, and the documented support for custom base URLs and transitive MCP/stdIO tool installation increases trust and credential-routing risk beyond a straightforward docs skill.