motion

SUSPICIOUS: most of the skill is benign Motion documentation, but it also includes high-trust install/execute patterns for premium tooling: `curl|bash`, remote `npx` tarball execution, token forwarding, query-string secrets, and one plain-HTTP installer URL. These behaviors are same-org and purpose-related rather than clearly malicious, but they make the skill materially riskier than a normal framework guide.