setup-all

该 skill 的 stated purpose 与实际能力基本一致：它确实是一个“安装其他 skills”的聚合器。但其风险核心也正来自此目的本身：批量远程安装 + 自动运行子 skill + 传递 trust 到更多未审查 skill，显著扩大 agent 的执行面。未见明确凭证窃取或恶意外传证据，因此更接近高风险可疑/脆弱 skill，而非确认恶意。

No malicious code is present in this fragment itself, but it materially increases supply-chain risk by configuring multiple third-party npx-sourced skills to auto-run during install/update. The described capabilities include API-key ingestion for a networked MCP web-search integration, authentication/config “login-free” setup, and direct removal/modification of user home configuration (~/.claude.json). This warrants reviewing the referenced packages’ code—especially install scripts and any handling of environment variables, filesystem writes, and network egress—before deployment in a trusted environment.