agent-ui

SUSPICIOUS: The core purpose is coherent, and the API key/proxy flow generally matches an agent UI product. However, the skill expands trust through remote registry code installation and explicit transitive skill installation, with an unverifed `belt-sh/cli` path not clearly documented as the official install route. Risk is driven more by supply-chain and transitive trust than by confirmed malicious behavior.