skillhub-guide

SUSPICIOUS. The skill’s purpose and capabilities are mostly aligned, but its main install path depends on an unverified remote pipe-to-shell installer and then encourages transitive installation of additional skills through an external CLI. There is no clear credential harvesting or overt exfiltration, but the install/execution trust model is too weak to treat as benign.