skills-management

Warn

Audited by Socket on May 4, 2026

1 alert found:

Security: MEDIUM
SKILL.md

SUSPICIOUS: the skill's stated purpose matches its capabilities, and its primary remote tooling appears to be the official Vercel Labs Skills CLI. However, its core behavior is transitive installation and management of third-party skills from arbitrary repos, giving external skill instructions the agent's permissions across many local agent directories. This is a coherent but inherently high-trust workflow, so the main concern is supply-chain and transitive-skill risk rather than confirmed malware.

Confidence: 89%
Severity: 76%
Audit Metadata
Analyzed At: May 4, 2026, 11:51 PM
Package URL: pkg:socket/skills-sh/CodeAlive-AI%2Fai-driven-development%2Fskills-management%2F@6e2ea3566567d24446d5e862082d3a1b711a47eb