pr-miner

The skill’s stated purpose is coherent, and its visible network flow targets official GitHub services. However, the critical mining path depends on opaque local Python executables with no verifiable provenance while using repo-scoped GitHub credentials, making this high security risk and suspicious rather than clearly malicious.