pr-mining-coordinator

SUSPICIOUS. The stated PR-mining purpose is plausible, but the skill’s main execution path reads a GitHub token from macOS Keychain and forwards it to an unverified local miner script with unspecified network behavior. That credential-forwarding plus unverifiable dependency provenance makes the footprint disproportionate to a coordination skill and drives high security risk, though the text does not by itself prove confirmed malware.