skills-updater

Warn

Audited by Socket on Mar 1, 2026

1 alert found:

Anomaly (LOW)
SKILL.md

The skill's stated purpose and capabilities are internally consistent: it legitimately needs to read local installed skill metadata and query marketplace metadata to detect updates. The main security concern is supply-chain risk from transitive installs and automatic reinstallation: using npx --force and triggering installs (especially via an --auto-install flag) can cause arbitrary third-party code to be fetched and executed in the user's environment without strong integrity checks. There are no explicit exfiltration endpoints or obfuscated/malicious code in the provided fragment, but the lack of checksum/signature verification, combined with forced installs and automatic reinstall behavior, makes this a medium-risk skill for supply-chain compromise. Recommend adding cryptographic verification of marketplace artifacts, prompting for per-skill confirmation before auto-install, and limiting forceful npx installs or performing installations in a sandboxed environment.

Confidence: 75%
Severity: 65%
Audit Metadata
Analyzed At
Mar 1, 2026, 09:43 AM
Package URL
pkg:socket/skills-sh/haha0815%2Fclaude-meta-skills%2Fskills-updater%2F@4198506dced9734561e1afa3f66983c29436d7e9