gitbackup-github-desktop
Warn
Audited by Socket on Apr 29, 2026
1 alert found:
Anomaly (LOW): SKILL.md
SUSPICIOUS: The skill's core behavior is mostly coherent with a GitHub backup app, and network flows target expected services. The main concern is install trust: ara.so publishes the skill, but users are told to download and run a prebuilt binary from a different GitHub publisher, plus the app handles high-value credentials and briefly embeds the GitHub token into clone URLs. This looks more like a high-risk third-party desktop tool recommendation than overtly malicious behavior.
Confidence: 85%
Severity: 58%
Audit Metadata