skillscope

Pass

Audited by VirusTotal on May 15, 2026.

Findings (1)

The skill functions as a recommendation engine that directs the AI agent to fetch and execute installation commands from an external API (skillscope.cn). While this aligns with its stated purpose of skill discovery, the pattern of providing executable strings from a third-party endpoint creates a significant risk of Remote Code Execution (RCE) if the backend returns malicious payloads. Additionally, it promotes a custom CLI tool via 'pip install skillscope' as a mirror, which increases the supply chain attack surface.