skill-manager

The skill is functionally consistent with its stated purpose (searching a local DB and downloading skill folders), but it presents a notable supply-chain risk: it will fetch and install arbitrary third-party repository folders into the agent's runtime without described integrity checks, sandboxing, or review steps. That makes the component SUSPICIOUS for supply-chain use — safe only if combined with strong provenance verification, explicit user review of files, and runtime sandboxing. No explicit malware or obfuscated payloads are present in this document, but the installer behavior is powerful and can be abused to install malicious skills from seemingly legitimate GitHub repos.