naga-config

SUSPICIOUS. The core purpose is coherent for a self-management skill, but it carries high-impact control over full config, prompt contents, MCP onboarding, and transitive skill installation. The main risk is not obvious malware; it is broad privileged reconfiguration, unpinned MCP package execution, arbitrary remote MCP endpoints, and prompt exposure/persistence.