Claude Flow CLI
Warn
Audited by Socket on May 10, 2026
1 alert found:
Anomaly (LOW)
SKILL.md
SUSPICIOUS: the skill’s broad orchestration, hook, MCP, and command-execution footprint is generally aligned with its stated purpose, but it relies on repeatedly executing a mutable third-party CLI via npx @latest and exposes high-impact autonomous and execution capabilities without clear trust or endpoint boundaries. This looks more like a powerful external tool wrapper than a narrowly scoped skill; risk is mainly supply-chain and overbroad execution, not confirmed malware.
Confidence: 79%
Severity: 66%
Audit Metadata