find-skills

SUSPICIOUS: the skill is coherent with its stated purpose, and the CLI appears official, but its main function is transitive skill installation from broad third-party sources. The use of noninteractive install (`-y`) and expansion of the agent's capabilities/permissions through newly installed skills make this a high-trust workflow that should be treated as risky even without direct malware indicators.