init-onecli

Warn

Audited by Socket on Mar 29, 2026

1 alert found:

Security: MEDIUM
SKILL.md

SUSPICIOUS: the skill’s purpose is plausible, but its footprint is not proportionate or trustworthy. It installs an unverifiable external CLI/gateway via `curl|sh`, then reads local credentials and forwards them into that software, creating a strong supply-chain and credential-harvesting risk even though the local-only gateway story sounds legitimate.

Confidence: 88%
Severity: 91%

Audit Metadata

Analyzed At: Mar 29, 2026, 07:41 AM
Package URL: pkg:socket/skills-sh/qwibitai%2Fnanoclaw-skills%2Finit-onecli%2F@8f7fc252750d46f5636c3b049358c800add07b9f