github-project-contributor-finder-api-skill

SUSPICIOUS. The skill is internally coherent and does not show classic malware or installer abuse, but it routes GitHub discovery through a third-party BrowserAct service and is explicitly aimed at collecting contributor contact/social data for recruiting and lead generation. Risk is moderate due to third-party credential forwarding and intermediary data collection, not confirmed malicious behavior.