tiktok-warmup

No explicit malware behavior is shown in this fragment; it is an automation/orchestration prompt. The main risk is supply-chain and operational integrity: the workflow relies on high-privilege credentials (Supabase service role), delegates behavior to local protocol/rule files, and can perform authenticated mutations (Airtable PATCH) and automated repository changes with possible auto-merge. External Telegram escalation adds a side-channel for metadata. The security posture hinges on integrity of the referenced protocol/rules and the least-privilege/guardrails in the agent tooling, which are not included in this snippet.

SUSPICIOUS: the skill is internally consistent for TikTok account warmup and management, but it carries elevated risk because it automates social-platform actions, handles several sensitive credentials, includes anti-detection/ban-evasion guidance, and instructs a transitive skill update on load. I see no clear credential-harvesting endpoint or hidden exfiltration behavior in the provided text, so this is not confirmed malware.