setup-agent

SUSPICIOUS. The skill’s stated purpose matches its actions, and the requested data is mostly proportionate to agent onboarding. The main risk is install/execution trust: all sensitive operations run through an unpinned npx CLI fetched at runtime, with only partial provenance evidence and no confirmed public source/release verification for the CLI itself. This looks more like a risky onboarding skill than confirmed malware.