chat-ui
Audited by Socket on Mar 10, 2026
1 alert found:
Obfuscated File
The skill primarily provides UI components for building chat interfaces and demonstrates typical client-side data flows (user messages to API responses) with remote installation via npx. While the functionality aligns with the stated purpose, the installation approach introduces notable supply-chain and remote-installation risks due to pulling components from an external URL at install time. There are no explicit credentials required by the skill, and data flows are standard for chat UIs, but the unverifiable remote install pathway and potential for downstream code to modify behavior warrant treating this as suspicious rather than benign. Recommended mitigations include pinning to a verified registry artifact, verifying the integrity of the remote chat.json, and ensuring install-time scripts are audited and sandboxed.