find-skills

Purpose and capabilities mostly align, and the documented CLI appears official, but the skill’s core function is to discover and install other skills from potentially broad third-party sources. That transitive trust chain and the documented global non-interactive install flow make it suspicious/high-vulnerability rather than benign, though there is no strong evidence of direct malware or credential theft in this skill alone.