widgets-ui

SUSPICIOUS. The skill's purpose and examples are coherent for declarative UI rendering, and there is no sign of credential theft or malicious data routing. However, it includes transitive skill installation and unpinned remote registry installs, which increase supply-chain risk beyond what is strictly necessary for a widget-rendering guide.