when-releasing-new-product-orchestrate-product-launch

SUSPICIOUS: The skill’s broad orchestration behavior generally matches its stated purpose, and the claude-flow dependency appears to be a real same-lineage project rather than an obvious malware dropper. However, it delegates extensive execution authority to a third-party CLI and Claude Code hooks, includes offensive security actions, and enables consequential autonomous actions like deployment and campaign launch, making the overall security posture medium-to-high risk rather than benign.