amq-cli

Warn

Audited by Socket on Mar 12, 2026

1 alert found:

Security: MEDIUM
SKILL.md

The skill's stated purpose (AMQ-based inter-agent messaging) is generally coherent with its described capabilities. However, there is a significant security concern due to the install path: it downloads and executes a remote script to install the amq CLI from an unverified source, which constitutes a classic supply-chain and potential credential/data risk. This pattern, especially when combined with potential local data handling by the unverified binary, makes the overall footprint suspicious and not confidently safe for deployment without additional verification (pinning, checksums, official registry packaging, or a trusted internal repository). If the install source is replaced with a verified, signed release from an official registry and the tool’s authors provide hash/signature validation, the risk would be substantially reduced and the footprint would be more clearly benign.

Confidence: 75%
Severity: 75%
Audit Metadata

Analyzed At: Mar 12, 2026, 03:06 PM
Package URL: pkg:socket/skills-sh/avivsinai%2Fagent-message-queue%2Famq-cli%2F@067d76ce7d50028f7611c11cb1889e3353fb29d0