setup

SUSPICIOUS. The main setup/check/install behavior is largely coherent for a developer tooling skill and uses expected package managers, but risk increases because installation is delegated to an unseen helper script, the skill supports unattended installs via flags, includes self-modification/reflection instructions beyond setup scope, and directs the agent to install another skill (`/itp:hooks`). No clear credential theft or exfiltration is present, so this is not malicious, but it is broader and riskier than a minimal setup skill.