strava

SUSPICIOUS: the skill’s functionality matches Strava usage, but it relies on a curl-piped installer from a personal GitHub repo and forwards Strava API credentials to a non-official CLI. Without verifiable provenance, this is disproportionate install and credential risk for the stated purpose.