skill-installer

No direct indicators of malicious code in the installer description itself — network calls target GitHub and use standard methods, and environment variables requested are reasonable for private repo access. However, this skill materially increases supply-chain risk because it installs arbitrary repository content into the agent's skills directory and can use tokens or host git credentials to access private repos. Treat the installer as 'suspicious' from a supply-chain perspective: the tool is functionally correct for installing skills but grants the ability to pull and place code that will be executed by the agent. Operators should verify sources, restrict tokens, and avoid running with elevated privileges or allowing automatic execution of fetched code.