Social Sentiment

The skill is classified as suspicious due to its instruction to install the `mcporter` binary via `npm` in `SKILL.md`. Installing packages from `npm` can execute arbitrary code during the installation process, posing a significant supply chain risk. While the skill's stated purpose and network interactions with `mcp.xpoz.ai` appear legitimate, the reliance on installing and executing an external binary via a package manager introduces a critical vulnerability that could be exploited for malicious purposes.