find-skills

The skill's stated purpose (discovering and installing agent skills) aligns with its workflow of querying a registry and enabling installations. However, the footprint introduces notable security concerns: it facilitates transitive, unverifiable installations from an external registry, relies on npx to fetch code without verifiable integrity guarantees, and includes brittle post-install cleanup that could disrupt environments. These factors collectively render the skill Suspicious with medium-high risk. If used in production, tighter controls (verified registries, checksum verification, explicit user consent for each installation, and a safer cleanup process) would be advisable.