GraphQL Data Federation Agent
Warn
Audited by Socket on Mar 29, 2026
1 alert found:
Anomaly (LOW): SKILL.md
SUSPICIOUS: the fragment is mostly a marketplace installer for a remote skill, not a transparent GraphQL federation implementation. The biggest issue is transitive skill installation plus provenance mismatch between the claimed source (`graphql/graphql-js`) and the actual distributors (`agentskillexchange/skills`, `clawhub`). No direct credential theft or exfiltration is shown in the provided text, so this is better classified as a supply-chain and trust-boundary risk than confirmed malware.
Confidence: 87%
Severity: 62%