Use pipx to install uv instead of piping curl to bash

- Install uv via Ubuntu package manager (pipx) for security
- Avoids piping curl to bash which is a security concern
- More reliable and verifiable installation method
- Auto-installs pipx via apt if not already present
- Update documentation to reflect package-based installation

Co-Authored-By: Claude <noreply@anthropic.com>

.claude/skills/ck-build-analysis

@@ -168,8 +168,15 @@ docker cp "${SCRIPT_DIR}/templates" "${CONTAINER_NAME}:/tmp/ck_build_analysis_te
 
 # Check if uv is available, install if needed, and use for PEP 723 dependency management
 if ! docker exec "${CONTAINER_NAME}" bash -c "command -v uv >/dev/null 2>&1 || test -x \$HOME/.local/bin/uv"; then
-    echo "uv not found, installing..."
-    docker exec "${CONTAINER_NAME}" bash -c "curl -LsSf https://astral.sh/uv/install.sh | sh" >/dev/null 2>&1
+    echo "uv not found, installing via pipx..."
+    docker exec "${CONTAINER_NAME}" bash -c "
+        # Install pipx if not available
+        if ! command -v pipx >/dev/null 2>&1; then
+            apt-get update -qq && apt-get install -y -qq pipx >/dev/null 2>&1
+        fi
+        # Install uv via pipx
+        pipx install uv >/dev/null 2>&1
+    "
     echo "uv installed successfully"
 fi
 

.claude/skills/ck-build-analysis.md

@@ -134,11 +134,13 @@ The analysis script (`analyze_build_trace.py`) is PEP 723 compliant with inline
 
 **No manual setup required!** The first time you run the skill, it will:
 1. Detect if `uv` is installed in the container
-2. If not, automatically install it (takes ~5 seconds)
+2. If not, automatically install it via Ubuntu packages (pipx install uv)
 3. Use `uv run` to execute the analysis with auto-managed dependencies
 
 On subsequent runs, `uv` will already be available and dependencies will be cached.
 
+Installation is done through Ubuntu's package manager for security and reliability.
+
 ### Components
 
 - **ck-build-analysis** - Main bash script that orchestrates Docker, CMake, and analysis