agentation

SUSPICIOUS: the file-editing portion matches the stated Next.js toolbar setup, but the skill also installs and auto-registers an external MCP server via unpinned `npx`, expanding trust and creating an unclear data path. The main concern is supply-chain and transitive tool installation rather than confirmed malware.