cli-anything

SUSPICIOUS. The skill's general purpose is coherent, but its key differentiator—the CLI-Anything harnesses—has a publisher/provenance mismatch and vague executable install path. Standard brew/npm tools are normal, yet the repo-to-PATH harness installation is insufficiently verified and raises meaningful supply-chain risk without clear evidence of malicious intent.