minervia-update

SUSPICIOUS: The stated purpose and permissions are broadly consistent with an update skill, but the core behavior is delegated to an unseen local shell updater and an unspecified GitHub source. There is no direct evidence of credential theft or overtly malicious behavior, yet install/update trust is not verifiable enough to call benign.