cli-anything-chromadb

SUSPICIOUS. The skill's capabilities match its stated ChromaDB-management purpose and its data flow appears limited to the ChromaDB API, but the install trust is weak because the CLI is a third-party wrapper from HKUDS/CLI-Anything rather than an official Chroma distribution path, and the claimed PyPI package could not be verified from the checked URL. This is a supply-chain risk more than evidence of malware.