dev-dashboard

SUSPICIOUS. The stated purpose is plausible, but the skill's core behavior depends on unseen installer/check scripts and executing a returned shim path with full Bash access. No external provenance, package source, or verification is provided for the installed commands, so the install chain is not trustworthy from the supplied evidence. No direct credential theft or external exfiltration is visible in the provided text alone.