related-skill

SUSPICIOUS: the skill is coherent in purpose, but its core behavior is transitive skill installation through a broad `npx skills *` permission. The CLI appears official, reducing outright malware concern, yet the skill expands agent capabilities by pulling in additional remote skills that are not independently reviewed here, which is a meaningful supply-chain and trust-boundary risk.