aif

SUSPICIOUS: the skill's behavior is mostly aligned with its setup purpose, but it is inherently high-risk because it installs and chains third-party skills and npm-executed MCP servers with broad agent permissions. The required local scanning/manual review is a meaningful safeguard, yet it does not remove the core transitive supply-chain and credential-forwarding risk.