zsxq-user

The stated capability is coherent and narrow: viewing the logged-in user's profile and posting history is consistent with a user-info skill. The main concern is install/execution trust: the skill depends on a nonstandard external CLI (`zsxq-cli`) without any provenance, registry source, or verification evidence in the provided content. No obvious exfiltration, excessive permissions, or unrelated credential access is described, so this is better classified as suspicious due to unverifiable dependency risk rather than malicious behavior.