wzrrd-publish

SUSPICIOUS. The skill’s stated purpose and file-upload behavior are coherent, but its trust model is not: it requires installing an unverifiable CLI through an unpinned curl|bash script, and that CLI later handles login-derived tokens and uploads user files. With no verified official repo, registry package, checksums, or release history in the provided evidence, the install and credential-forwarding risks are disproportionate.