plannotator
Audited by Socket on Mar 18, 2026
2 alerts found:
Anomaly (x2), SUSPICIOUS: the core plan/diff review purpose is coherent, but the skill's footprint is broader than a simple reviewer because it installs a remote CLI via plannotator.ai, modifies multiple agent configs, and supports underspecified sharing/export paths. The biggest issue is install trust and transitive plugin setup, not confirmed malware or obvious credential theft.
The script is a typical installer wrapper with optional integration setup. The major security concern is the remote installer execution via curl | bash, which can run unverified code from an external source. This is a high-risk pattern (source-to-sink path) and should be mitigated by using verified installers, checksums/signatures, or downloading to a file and running with explicit verification. Otherwise, the script itself contains no overt malicious behavior, but relies on external remote code that could compromise the system if the remote source is compromised.