appwrite-cli

The skill's stated purpose (Appwrite CLI for managing projects and resources) is broadly aligned with its demonstrated capabilities. However, the installation flow includes a high-risk remote script execution (curl | bash) which constitutes a significant supply-chain threat and undermines trust in the install provenance. The non-interactive/CI aspects require handling of API keys and endpoints, which is expected but increases potential exposure if logs or history leak secrets. Overall, the footprint is partially consistent but the install pattern is unacceptable from a security standpoint; treat as SUSPICIOUS with a high emphasis on replacing the installer with verifiable, signed, or registry-based installation. If the installer is replaced with an official, verifiable method (e.g., npm or package manager with integrity checks), the overall risk would drop toward BENIGN.