maoxuan-skill-cognitive-framework

SUSPICIOUS. The skill’s stated purpose is coherent and it does not request credentials or show exfiltration behavior, but it instructs installation of a third-party remote skill from a personal GitHub repo through a transitive skill-loading mechanism. That makes the main risk about supply-chain trust and inherited agent permissions, not confirmed malware.