infsh-cli

Warn

Audited by Socket on Jun 19, 2026

2 alerts found:

Anomaly x2

Anomaly (LOW)
SKILL.md

SUSPICIOUS. The skill is broadly coherent with its stated purpose and uses same-org infrastructure, so it is not clearly malicious. However, it combines a curl|sh installer, transitive skill installation, broad bash-enabled CLI use, automatic local file uploads, and autonomous X/Twitter posting, making the overall footprint higher risk than a normal single-purpose model wrapper.

Confidence: 86%
Severity: 68%

Anomaly (LOW)
references/authentication.md

No direct malware is evidenced in the provided fragment because it contains only installation/authentication instructions. The primary concern is supply-chain risk from executing a network-fetched installer via `curl ... | sh` without demonstrated integrity verification or pinning. Credential-handling behavior is not shown; therefore storage and secret-leakage risks cannot be confirmed or ruled out from this snippet alone. Review and verify the actual distributed CLI/installer code and enforce integrity controls before use in sensitive environments.

Confidence: 60%
Severity: 65%

Audit Metadata

Analyzed At: Jun 19, 2026, 02:15 AM
Package URL: pkg:socket/skills-sh/halt-catch-fire%2Fskills%2Finfsh-cli%2F@c80c24d7f9e8d814ba1b9725487c5184b0452ca985160cce76969305ad36fa67