actrun-init

SUSPICIOUS: the skill's purpose and capabilities mostly align, but it asks the agent to install and trust an external CLI via a pipe-to-shell path, pass secrets into that CLI, and optionally schedule recurring workflow execution. This looks more like a high-risk developer tooling skill than clear malware, with the main concerns being install trust, credential exposure to actrun/workflow steps, and broad local code execution.