ai-cli-helper
Audited by Socket on Mar 2, 2026
1 alert found:
Anomaly: This skill document is a legitimate-seeming helper for managing agent CLI configs and skills, but it contains several supply-chain and execution-risk patterns. The primary risks stem from direct instructions to run npx to install remote skills and to execute local scripts for skill management without recommending verification, pinning, or manual review. Those patterns create a high transitive execution risk: installing remote skills via npx fetches and runs third-party code which may perform malicious actions or exfiltrate data. The skill also encourages direct edits to user-scoped configuration files and automated command execution for manage/install flows, which increases the blast radius if a malicious skill or compromised installer is invoked. I do not find explicit obfuscated code, hard-coded secrets, or direct data exfiltration endpoints in this document, so this is not confirmed malware — rather a medium-high supply-chain security risk that requires mitigation (recommend adding version pinning, checksums, manual review steps, least-privilege guidance, and explicit confirmation before executing installs or edits).