Karakeep

The skill's requirements and runtime instructions align with a CLI client for a bookmark manager and do not request unrelated credentials or system access, though there are minor metadata inconsistencies and the npm install vector has the usual supply-chain considerations.

This skill looks coherent for controlling a Karakeep instance: it needs the karakeep CLI and your Karakeep API key (and optionally the server address). Before installing, verify the npm package and Docker image come from the official Karakeep project (check the repository link and publisher), and prefer the Docker image or a vetted package provider if you don't fully trust the npm supply chain. Only provide an API key with the minimum necessary scope; if possible create a scoped or revocable token. Note the small metadata mismatch about whether the server address is required — double-check configuration when you install. If you have high security requirements, inspect the package source code or run installation in an isolated environment (container/VM) and review the repository at https://github.com/karakeep-app/karakeep before handing over credentials.