install

SUSPICIOUS: the skill’s purpose is coherent and mostly local, but trust is weakened by unverifiable local toolkit scripts, unseen Python dependencies, and a likely publisher mismatch in the suggested Context7 MCP install command. No clear credential theft or exfiltration is present, so this looks more like medium supply-chain and trust risk than malware.