find-skills

SUSPICIOUS. The skill's stated purpose matches its behavior, and the CLI appears to be an official ecosystem tool, so this is not outright malicious. However, the skill is inherently high-trust because it directs the agent to discover and install additional third-party skills, including non-interactive global installs, with unpinned runtime execution and no clear integrity verification. The main risk is transitive installation of unreviewed skills that can expand the agent's permissions and behavior.