ui-widget-developer

SUSPICIOUS. The core MCP/widget development purpose is coherent, and most tooling/routes align with official Microsoft/OpenAI/MCP ecosystems. However, the skill materially raises risk by mandating autonomous installs/provisioning, persistent background processes, and especially transitive plugin installation through an only partially verified marketplace/GitHub path. This looks more like a high-trust developer automation skill than malware, but its execution and trust footprint is broader than a minimal documentation skill.