kw-update-skills
Warn
Audited by Socket on Mar 28, 2026
1 alert found:
Security (MEDIUM): SKILL.md
SUSPICIOUS: the stated purpose matches the capability, but the skill exists to update/install other remote skills, creating a transitive trust and supply-chain risk disproportionate to a simple helper. No clear credential theft or covert exfiltration is shown, but enabling bulk remote skill updates is materially risky.
Confidence: 88%
Severity: 74%