wellgrow-setup

This document is a vendor onboarding guide for installing a WellGrow CLI and/or registering a WellGrow MCP server. It instructs users to install a global npm package and to provide high-value credentials (Anthropic/OpenAI API keys and MCP account credentials) and to trust a single remote domain (wellgrow.ai) for OAuth and MCP operations. There is no code in this fragment showing direct malicious behavior (no obfuscated payloads, no curl|bash pipelines, no hardcoded attacker endpoints beyond the vendor domain). The primary risks are credential exposure and supply-chain risk from installing a global npm package without verification, and unclear handling of secrets (storage/transmission). Overall this appears functionally consistent with a legitimate onboarding guide for a hosted product, but because it solicits multiple sensitive credentials and lacks detail about where those secrets are stored or forwarded, the security risk is moderate and users should verify the package source (repository, maintainer), review the CLI code, and prefer using least-privilege or temporary API keys.