mcp-cli-tool

SUSPICIOUS: the skill’s purpose is coherent, but its footprint is broader and riskier than a simple CLI guide. The main concerns are the third-party `curl|bash` installer, credential forwarding into arbitrary MCP servers, and agent-oriented automation that can execute external tools and process untrusted remote content. Not confirmed malware, but medium-high supply-chain and credential-handling risk.