tensorlake
Warn
Audited by Socket on May 8, 2026
1 alert found:
Anomaly (LOW): .github/workflows/evals.yml
No direct malware is evidenced in the workflow YAML alone, but it creates a meaningful security/supply-chain risk surface: it installs an unpinned external npm CLI during CI, symlinks repository content into external tooling’s skill directory, and provides a live ANTHROPIC_API_KEY to repository-executed scripts. A definitive malware assessment requires reviewing the executed evals/*.py scripts and the referenced SKILL.md content, plus considering whether the eval runner allows unintended task selection based on user/repo-derived IDs.
Confidence: 62%
Severity: 60%
Audit Metadata