auto-updater-skill

The skill's documentation claims an official auto-updater but provides no installer source, no provenance, and instructs running elevated installers and installing persistent daemons — the pieces don't line up and warrant caution.

Do not run or install this auto-updater based only on this skill entry. Before proceeding you should: 1) obtain official release URLs or an official project homepage (this entry lists none and the contact domain looks suspicious), 2) require cryptographic signatures or checksums (GPG/sha256) for any installer or offline zip, 3) verify the publisher identity (official repo or vendor account), 4) prefer installers distributed via trusted channels (GitHub releases, vendor site) and inspect those artifacts before running them as admin, and 5) if you need auto-update functionality, request an install spec or packaged artifact in the registry so the platform can validate provenance. Additional information that would raise confidence: a verifiable homepage, signed release URLs, published checksums/signatures, and an install spec pointing to a known release host.