rr-domain-cli
Audited by Socket on Feb 28, 2026
1 alert found:
Security
This SKILL.md describes a CLI tool (rr) for RealtimeRegister domain management and mainly documents usage and install instructions. The manifest itself does not contain executable code or direct malicious instructions, but it delegates all functionality to a third-party binary installed from a personal Homebrew tap or built from a GitHub repo. The main security concerns are supply-chain risk (unverified binary distribution) and credential exposure because the rr binary runs with the user's environment and keyring credentials. The requested credentials (RR_API_KEY) are appropriate for the tool's purpose, so purpose-capability alignment is reasonable; however the lack of checksum/signature verification and reliance on a personal tap increase security risk. Recommend: verify the upstream repo, review the rr binary source and release artifacts, prefer official/Homebrew-core distribution or signed releases, and avoid placing secrets in environment variables if not necessary (use per-command ephemeral tokens where possible).