mthds-install

SUSPICIOUS: the skill's purpose matches installation, but its footprint includes multi-stage trust delegation: npm CLI install, arbitrary GitHub package install, optional transitive skill installation, and possible runtime setup. Those capabilities are coherent with an installer skill, yet the lack of provenance checks, pinning, or verification for GitHub-installed methods/skills makes the overall risk medium to high rather than benign.