protect-mcp-setup

SUSPICIOUS: the stated governance/audit purpose is plausible, but the skill relies on broad always-on hook interception plus unpinned third-party plugin/npm execution from inconsistent publishers. No direct exfiltration is shown, yet the supply-chain and transitive trust risks are high enough to treat this as risky setup code rather than benign low-risk documentation.