crxhub-cli

SUSPICIOUS. The purpose is coherent, and GitHub is the expected backend, but the skill's core action is executing an unverifiable bundled binary under an authenticated GitHub CLI context. That makes the install/execution trust disproportionate to the simple extension-management task and creates meaningful credential and supply-chain risk.