nu

The provided description describes potentially dangerous behaviors (auto-installation and persistent env.nu modifications) that could affect user environments. While there is no evidence of malicious code in the fragment itself, the described flows should be reviewed in any real implementation for explicit user consent, reversibility, auditable changes, and restricted installation scopes to mitigate supply-chain and persistence risks.

SUSPICIOUS: the skill's purpose mostly matches its behavior, but it broadens trust to the third-party x-cmd ecosystem, uses official yet risky remote installer patterns, and persists by editing Nushell config. Data flows appear proportionate and not overtly exfiltrative, so this is not malicious, but it carries medium supply-chain and persistence risk.