onboarding

SUSPICIOUS: the core setup behavior is coherent with onboarding, and the Bun installer appears official, but the skill expands scope with profiling from local session history, broad permission pre-grants, and autonomous scheduled tasks. Risk is medium rather than malicious because data mostly stays local and no clear credential-harvesting or attacker exfiltration endpoint is present.