AgentMemory
Pass
Audited by VirusTotal on May 12, 2026.
Findings (1)
The skill is classified as suspicious primarily due to the instruction to `npm install -g agentmemory-cli` in `SKILL.md`. This command introduces a significant supply chain risk, as a globally installed npm package can execute arbitrary code during installation or runtime, potentially leading to malicious execution or data exfiltration if the package is compromised or malicious. While the skill includes defensive instructions against API key exfiltration to unauthorized domains, the reliance on an external, globally installed package represents a high-risk capability without clear malicious intent within the provided files.
