use-template

SUSPICIOUS. The core cloning/editing behavior matches the stated template-bootstrap purpose, but the skill automatically executes npm install on copied code and sends telemetry to an unverifiable Railway-hosted endpoint. This is not fundamentally incompatible with the skill’s purpose, so it is not malicious, but the install trust and outbound data flow are moderately risky.