databricks-app-apx

This SKILL.md contains guidance and CLI commands for scaffolding, running, testing, and deploying Databricks APX applications. Functionally it is coherent with its stated purpose and does not contain code-level malware indicators (no hardcoded secrets, no eval/execution of obfuscated payloads, no direct reads of credential files). The primary risks are supply-chain and operational: unpinned git-based installs and recommended third-party CLI installs expand the attack surface, and the APX MCP log-collection behavior could send application and browser logs (which may include sensitive data) to a remote MCP service without explicit privacy controls described here. Overall there is no clear malicious intent, but moderate supply-chain and data-flow risks exist and operators should pin installs, verify sources, and ensure logs are sanitized before sending to remote services.