mmk-threads-posts

SUSPICIOUS. The stated capability is coherent with a Threads-posts skill, and the described data flow matches official Threads API concepts. However, the skill's trust boundary depends on an unverifiable `mmk` CLI and a hidden shared auth skill, and the wildcard `mmk *` shell permission is broader than necessary. Main concern is install/provenance uncertainty, not confirmed malicious behavior.