setup

SUSPICIOUS: The setup purpose matches installing skills, but it does so by cloning mutable third-party GitHub repos, symlinking all skills/scripts/hooks into Claude’s active directories, and optionally executing additional repo code and OAuth flows. Official prerequisites lower risk, but the transitive skill installation and unpinned repo trust make this a medium-high security risk rather than benign.