groove-admin-update

Suspicious due to transitive skill installation and execution of newly fetched migration content, but not overtly malicious. The data flow and file changes mostly match the stated update/migration purpose, and there is no credential harvesting or off-platform exfiltration; the main risk is trusting remotely installed skill content at runtime.