Proxmox Full

Name/description match the requested tools: curl, jq and a Proxmox API token (PVE_TOKEN) are reasonable for a REST-API-based Proxmox management skill. However the runtime instructions require PVE_URL as an environment variable but the registry metadata does not declare PVE_URL as a required env — a small but important inconsistency.

Instructions are explicit curl calls to the Proxmox REST API and reference only PVE_URL and PVE_TOKEN (no unrelated file or system access). Concerns: (1) examples use curl -k/--insecure to skip TLS verification (this weakens security and may encourage insecure deployments); (2) the setup guidance suggests creating an API token with 'uncheck Privilege Separation' which implies granting broad privileges—this encourages using overly-powerful credentials; and (3) the SKILL.md contains example plaintext passwords and token examples (expected for examples but could lead to user copy-paste of insecure defaults).

Instruction-only skill with no install spec and no code files — lowest install risk (nothing is downloaded or written by an installer).

The declared primary credential (PVE_TOKEN) is appropriate for Proxmox API access. However the instructions also require PVE_URL but that env var is not declared in the metadata. The guidance to create broad tokens (disable privilege separation) is disproportionate to principle of least privilege — the skill does not justify requiring a full-cluster token versus a more limited token for specific operations.

always:false and no install/persistence requested. The skill can be invoked by the agent (normal), but it does not request permanent presence or modify other skills/configs.