skill-installer

SUSPICIOUS: the stated purpose matches an installer, but the footprint is high-risk for a skill because it fetches mutable third-party code from GitHub, executes a remote shell script, and installs additional agent skills/config locally. No direct credential theft is shown, but the transitive installation and unpinned remote execution make this a high supply-chain risk.