@554/skill-installer

SUSPICIOUS: the stated purpose matches a skill marketplace installer, but the footprint is high risk because it installs other skills from third-party sources, relies on an unverified Fly-hosted gateway, and uses an unpinned npx install path. The publish flow is plausible, yet it forwards local files and auth tokens to an external gateway whose ownership is not publicly verifiable from the provided evidence.