gate-mcp-cursor-installer

SUSPICIOUS. The skill's core purpose is installer automation, but its footprint is broader than necessary: it configures multiple MCP endpoints, executes remote npm code, and transitively installs all skills from another repo by default. The data flows are mostly consistent with a Gate ecosystem installer, so this is not confirmed malware, but the transitive installation and unpinned remote code make it a high security-risk skill.