wiki-init

No direct malware indicators are visible in this installer snippet (no credential theft, reverse shell, or arbitrary command execution). The primary security concern is supply-chain trust: it installs skill/instruction content from an unpinned remote GitHub raw URL without integrity verification, meaning upstream changes could alter the installed behavior. It also modifies the user’s ~/.claude/CLAUDE.md to persistently register a /wiki-init trigger and makes a background telemetry ping to a third-party endpoint. Risk is therefore moderate due to remote-content integrity and persistence, not due to explicit malicious functionality in the shown code.