image-upscaling

SUSPICIOUS. The core purpose and data flow are mostly coherent for remote image upscaling, and the official belt installer has meaningful verification signals. However, the skill’s primary onboarding relies on an unverifiable transitive skill install reference (`belt-sh/cli`) not confirmed by official docs, plus additional skill-to-skill installs and broad Bash scope. This looks more like elevated supply-chain/trust risk than confirmed malware.