webmcp-setup

SUSPICIOUS: The stated purpose is coherent for a WebMCP setup skill, but trust is weakened by reliance on live web search, mutable install guidance, and a third-party MCP-B ecosystem with inconsistent publisher provenance. No clear credential theft or exfiltration appears, yet the combination of WebSearch/WebFetch with Bash and file writes creates meaningful supply-chain and prompt-injection risk.