mcp-skill-gen

SUSPICIOUS: the stated purpose is coherent, but the skill has meaningful risk from a raw GitHub pipe-to-shell installer, external CLI execution against arbitrary MCP endpoints, and copying local config files into generated artifacts. No clear credential theft or malicious exfiltration is shown, but install trust and data-handling are broader than ideal for a skill generator.