skillgrade-setup

SUSPICIOUS: the stated purpose is coherent, but the core workflow depends on installing an unverified external CLI and then forwarding powerful LLM API keys and workspace content to it. No clear malicious endpoint is shown, yet install provenance and credential-routing are not sufficiently established, making this a high supply-chain and credential-forwarding risk.