omc

The skill presents a coherent concept: a multi-agent orchestration framework for Claude Code with persistent loops and team-based execution. The described installation paths, optional external AI provider integrations, and notification endpoints are broadly consistent with the stated purpose. However, several risk signals emerge: exposure of credentials in configuration (Telegram/Discord tokens), use of global npm installs for external CLIs, and potential data exfiltration through notification endpoints. The combination of autonomous execution modes and third-party tool integrations raises security concerns that warrant careful credential handling, access control, and source verification. Overall, the footprint is suspicious to moderately high risk but not conclusively malicious. Treat as suspicious with mitigations: pin dependencies, avoid plaintext credentials in config, require explicit per-action user approvals for autonomous modes, and audit external CLI installations.