Keychains.dev

The skill is classified as suspicious due to its reliance on installing a global npm package (`keychains@latest`) and proxying all API requests through an external third-party service (keychains.dev). While the stated purpose is to enhance credential security, the `npm install` command in SKILL.md represents a significant supply chain vulnerability, as it executes arbitrary code from an external source. Furthermore, routing all API traffic and credential handling through keychains.dev introduces a substantial trust dependency on an external service, which is a risky capability even if its current intent is benign.