image-upscaling

The skill's stated purpose (image upscaling) is legitimate, but its install and execution footprint relies on downloading and executing a remote script to fetch a binary from an external domain, then running a CLI-based app. This creates notable supply-chain and data-flow risks. The lack of verifiable source code for the downloaded binary, combined with curl|sh usage, warrants a Suspicious posture with high risk due to unverifiable binary distribution and potential data exfiltration pathways, despite the benign user-facing functionality. If a developer intends to use this skill, they should replace the install flow with a trusted, verifiable package from an official registry and provide explicit, auditable checksums and sources. Overall assessment: Suspicious with high risk due to download-execute supply-chain pattern; not confirmed malware, but security risk is elevated.