swarming

SUSPICIOUS. The stated orchestration purpose broadly matches the behavior, but the footprint is high-risk because it drives autonomous multi-agent execution, installs trust in a transitive worker skill, and relies on an unverifiable third-party `bv` CLI outside the main Beads publisher. I see no clear credential theft or hidden exfiltration, so this is not confirmed malware, but the supply-chain and autonomy risks are substantial.