use-topbar

SUSPICIOUS. The core UI-scaffolding purpose mostly matches the file reads/writes and theme wiring, and the shadcn CLI path appears official. However, the skill adds persistent Cursor session hooks and relies on an unpinned remote registry install, making its footprint broader than necessary for a simple topbar integration. No clear credential theft or exfiltration is present, but install-trust and persistence concerns make this higher than benign.