integrate-mcp

SUSPICIOUS: the skill's purpose is plausible, but its actual footprint is too broad and trust-heavy. It fetches arbitrary external content, guides installation/execution of third-party MCPs via npm/pip/git/npx, and forwards user credentials into those integrations without a meaningful verification step. This looks more like a transitive installer for unreviewed external agents than a simple marketplace helper.