x-cmd

SUSPICIOUS: the skill's stated purpose matches its behavior as a bootstrapper, but it is high-trust infrastructure rather than a narrow utility. The main concerns are official-but-risky remote installation, broad execution surface via third-party tool installs, and transitive skill loading through `x skill`. No clear credential theft or covert exfiltration is shown in the provided content.