capawesome-app-store-publishing

SUSPICIOUS: The skill is largely purpose-aligned and uses an official same-org npm CLI, so it does not look malicious. However, it has medium risk because it routes highly sensitive Apple/Google publishing credentials through Capawesome’s CLI/cloud and enables consequential app-store publishing actions by the agent.