claude-code-templates

SUSPICIOUS: The skill's broad install-and-manage purpose largely matches its capabilities, and the primary installer comes from npm with consistent repo linkage. However, mutable `npx @latest`, on-demand remote component fetching, transitive installation of many third-party agent components, and analytics/chat monitoring create medium security risk and unclear data-flow boundaries.