web-search

Warn

Audited by Socket on Apr 9, 2026

2 alerts found:

Anomaly: LOW
SKILL.md

SUSPICIOUS. The stated purpose matches a web-search capability, and the requested credentials are proportionate, but install trust and backend/data-flow transparency are weak: the skill relies on unseen local executables/scripts and unspecified search endpoints. Main risk is medium supply-chain uncertainty plus high indirect prompt-injection exposure from processing untrusted web content.

Confidence: 80%
Severity: 62%

Security: MEDIUM
install.sh

No direct malicious behavior is evident in this Bash fragment beyond installation/bootstrap logic, but the script performs high-risk supply-chain operations: it executes an unauthenticated remote installer (`curl ... | sh`) and installs additional code based on a remote requirements URL without visible pinning or integrity verification. Given the credential-related tooling implied by the usage text, compromise of the remote installer or requirements could have elevated impact. This should be reviewed and mitigated with pinned versions/lockfiles and integrity checks before use.

Confidence: 70%
Severity: 82%

Audit Metadata

Analyzed At: Apr 9, 2026, 11:58 PM
Package URL: pkg:socket/skills-sh/devskale%2Fskale-skills%2Fweb-search%2F@95262aef216e394b62df919d1f9cb65fd1898bed