watch-cli-video-agent

SUSPICIOUS. The skill's capabilities largely match its stated video-analysis purpose, and the requested tools/API keys are mostly proportionate. However, the install path relies on an unpinned raw GitHub pipe-to-shell script with repo clone/pull behavior instead of a versioned, verifiable release, which creates medium supply-chain risk. Cookie use for login-walled content is purpose-related but expands sensitivity because session cookies may be exposed to external tooling and target platforms.