uber

SUSPICIOUS. The skill’s stated purpose is benign coaching/documentation, but its install flow asks agents to fetch and persist remote instructions from a GitHub location whose ownership/path does not cleanly match the stated author and appears broken based on the provided evidence. There is no clear malware payload or credential theft, but the provenance mismatch plus remote-to-persistent instruction flow makes the skill medium risk.