octocode-cli

SUSPICIOUS: the skill’s behavior is mostly aligned with its purpose, but it asks the agent to execute a third-party personal-publisher CLI and route GitHub credentials through it without clear install provenance, pinning, or transparent credential handling for 'Octocode-stored creds'. No direct exfiltration endpoint or overtly malicious mismatch is shown, so this is not confirmed malware, but it carries meaningful supply-chain and credential-trust risk.