beads

SUSPICIOUS. The core bd usage guidance is broadly aligned with issue tracking, but the skill normalizes a raw GitHub curl|bash installer from a personal repo and explicitly promotes stealth mode and permission-avoidance behavior. No direct credential theft or off-platform data exfiltration is shown, so this is not confirmed malware, but the install path and concealment cues make the skill higher-risk than a typical CLI helper.