motion-agent
Warn
Audited by Socket on Mar 18, 2026
1 alert found:
Security (MEDIUM): SKILL.md
SUSPICIOUS. The main React/Motion documentation is consistent with the skill’s purpose, but the skill also includes high-risk install patterns: remote tarball execution, `curl|bash`, mutable `latest`, and token forwarding to externally fetched code. These same-org data flows may be legitimate, but they materially exceed a simple animation helper’s footprint and create substantial supply-chain and credential exposure risk.
Confidence: 88%
Severity: 82%