cmux-delegate

SUSPICIOUS: the skill is coherent with its stated purpose and shows no obvious credential-harvesting or third-party exfiltration, but it materially increases operational risk by spawning autonomous child agents with dangerous approval-bypass modes by default and harvesting their full output. Main concern is autonomy and delegated action scope, not malware or supply-chain deception.