technical-blog-writing

Verdict: SUSPICIOUS. The skill’s intended purpose (technical blog writing) is benign, but its install/execution approach (curl | sh to fetch an unverifiable binary, remote binary distribution with checksum verification, multi-domain external tooling) and data flows (credential/login surface, external API and image-generation calls) introduce non-trivial supply-chain and data-flow risks. The combination of a non-official binary installer, potential credential handling via login, and outbound content/tool interactions warrants heightened scrutiny and, unless mitigated (e.g., signing, official registries, clear per-action user consent, minimized credentials), should be treated as suspicious rather than clearly benign.