skill-builder

SUSPICIOUS. The skill's core behavior is mostly aligned with a skill scaffolding/management purpose, but it also instructs the agent to clone a personal GitHub repo, execute local install scripts, and install/manage other skills transitively. There is no clear credential theft or exfiltration, so this is not malicious, but the combination of repo-trust dependency, command execution, persistent installation, and transitive skill loading makes it medium-high risk.