mcp-cli

The skill is SUSPICIOUS due to its heavy reliance on downloading and executing a remote script (curl | bash) from a non-official package source to install a CLI. This constitutes a clear supply-chain risk and potential credential/data exposure if the installer is compromised. While the stated purpose (direct MCP CLI testing) is plausible, the installation and data-flow pattern do not align with secure, code-reviewed development practices. Recommend replacing the install approach with a verifiable, signed package from an official registry or repository, pinning checksums, and clearly delineating data flows and permission scopes before enabling autonomous execution.