skill-installer
Audited by Socket on Apr 6, 2026
2 alerts found:
Anomaly (x2), SUSPICIOUS. The skill is coherent with its stated purpose, but that purpose is to install other skills, creating significant transitive-trust risk. Public evidence shows dependency on unverified external CLIs and unspecified marketplace trust boundaries, while no credential harvesting or explicit exfiltration is shown.
This fragment does not show explicit malicious code (no eval/exec, obfuscation, or exfiltration), but it exposes a high-impact capability: a remote client can request installation of a marketplace “skill” via saveInstalledSkill(), making supply-chain and downstream code-loading behavior the key risk. Risk should be reviewed by inspecting getMarketplaceSkills() authenticity/verification, authorization around tool calls, and the exact side effects and safety constraints implemented inside saveInstalledSkill() (not visible here).