bux-claude-agent

SUSPICIOUS. The skill's capabilities broadly match its stated purpose, but it creates a high-risk autonomous remote agent: Telegram-controlled, browser-enabled, persistent across reboots, and able to access sensitive sites. The main concern is not hidden malware but the combination of remote install-as-root, external cloud/browser data flow, and autonomous real-world actions from untrusted messages. Same-org install provenance reduces malware confidence, but overall security risk remains high.