eightctl

SUSPICIOUS: the skill is a thin installer pointer with no native functionality, creating a transitive trust chain to external content whose provenance is only partially verified. There is no direct credential theft or exfiltration in the provided skill text, but the unclear publisher relationship and install-only behavior make it medium risk.