autonomous-builder
Audited by Socket on May 11, 2026
2 alerts found:
Security (x2)
No direct evidence of embedded malicious code (e.g., credential theft/backdoor/external exfiltration) is present in the provided fragment, but it specifies an agentic orchestration design with very high-risk capabilities and a runtime auto-install mechanism. The combination of untrusted task-to-tool routing, arbitrary JS/code/command execution primitives, and filesystem/DB/desktop control substantially increases misuse and supply-chain attack surface. Treat this design as security-sensitive and require strict tool gating/allowlisting, robust input sanitization, least privilege, and pinned/verified dependencies (ideally with signature/checksum validation and restricted installation sources).
SUSPICIOUS. The skill’s broad development capabilities generally match its stated purpose, and its cited external tools are mostly official. However, the autonomous supervisor loop, explicit use of `--dangerously-skip-permissions`, transitive skill/MCP expansion, and ability to execute code and publish remotely without per-action approval make it high risk for an AI agent skill even without clear evidence of credential theft or malware.