workflow-rig
Warn
Audited by Socket on Mar 18, 2026
1 alert found:
Security (MEDIUM): SKILL.md
SUSPICIOUS. The skill's purpose and capabilities are broadly aligned for workload orchestration, but its footprint is high risk: it authorizes durable remote execution, arbitrary shell commands, file editing, and git push using mounted credentials inside a k8s worker. Data flows stay within the claimed joelclaw/Redis/Restate stack rather than an obvious third-party exfiltration endpoint, so this is not confirmed malware. However, the combination of credentialed remote runtime actions and unverifiable local/private CLI trust makes the skill a significant security risk.
Confidence: 88%
Severity: 76%