skill-manager

SUSPICIOUS. The skill’s local registry behavior is coherent, but it also promotes remote installer execution from a personal GitHub repo and, more importantly, acts as a transitive skill loader that can import unreviewed instructions into the agent. No direct credential theft or exfiltration is shown, so this is not confirmed malware, but it carries medium-high security risk.