3x-ui-setup

SUSPICIOUS. The skill’s core capabilities broadly match its stated purpose of setting up and hardening a VPS-based 3x-ui VPN server, and the main external tools are same-org official GitHub sources rather than arbitrary third-party hosts. However, it has a larger-than-average operational footprint: it executes remote installer code as root, runs an unpinned release binary, performs subnet scanning, stores multiple secrets in guide files, and includes a transitive Claude Code installation path. This looks more like a high-risk infrastructure automation skill than credential theft, but its install trust and secret-handling are not low risk.