clip-skills

SUSPICIOUS: The documented behavior is coherent for a local skill-registry manager and shows no credential theft, exfiltration, or remote API proxying. Risk comes from unverifiable `clip` CLI provenance and the transitive trust created by installing arbitrary skills into agents; absent official publisher/install evidence, this should be treated as medium risk rather than benign.