ccp

SUSPICIOUS: the stated purpose matches profile management, but the skill’s main capability is installing and activating external skills from GitHub/registries through an unspecified `ccp` CLI. The transitive trust chain and missing provenance for the core tool make the footprint higher risk than a normal local config manager.