setup-tooluniverse
Audited by Socket on Mar 8, 2026
1 alert found:
Security: The skill description and step-by-step guide are coherent for teaching users how to install and operate ToolUniverse across modes. However, the footprint includes a high-risk download-execute pattern (curl | sh) from an external domain without verifiable signatures, combined with API key handling guidance that lacks robust secrets-management details. This creates notable supply-chain and credential-exposure risks, and indicates the footprint is not proportionate to a safe, standard developer tooling guide. Flag as suspicious to high-risk due to unverifiable binary installation and potential credential exposure pathways; mitigate by sourcing installers from official registries, adding checksums/signatures, and providing explicit secrets-management guidelines.