wayai

SUSPICIOUS: The skill’s core capabilities mostly match its stated purpose as a WayAI workspace/CLI guide, and the credential scope is broadly proportionate to a SaaS hub-management tool. The main concerns are supply-chain and trust-chain related: it instructs the agent to globally install an external CLI, use unpinned latest versions, and install another skill transitively via `npx skills add`. No clear credential exfiltration or deceptive third-party routing is shown, so this is not malicious, but it carries medium security risk.