cekura-self-improving-agent

SUSPICIOUS: the skill is largely purpose-aligned and routes data to official Cekura/Vapi services, but it has a broad operational footprint: autonomous live-agent edits, workspace file modification, and shell redeploy execution. The main security concern is high-impact automation plus a documented third-party MCP helper (`mcp-remote`) in some install paths, not obvious credential theft or covert exfiltration.