ccw-chain

SUSPICIOUS: the skill’s purpose as an orchestrator is plausible, but its actual footprint is broad and trust-poor. The main concerns are an unverified external chain_loader dependency, wildcard Skill(*) and Bash(*) permissions, transitive execution of other skills, and auto-confirming delegated actions. No direct credential theft or exfiltration is shown, but the orchestration model creates high execution-trust risk.