using-toolkit

SUSPICIOUS: the core behavior is a dispatcher, but it is overly coercive and expands trust to additional skills by default. The official `npx skills` CLI lowers pure malware concern, yet the skill's main footprint is transitive skill loading and unpinned third-party installation, which is disproportionate for a simple catalog/dispatch helper.