ntm
Audited by Socket on Feb 15, 2026
1 alert found:
Anomaly
This SKILL.md describes a powerful tmux-based multi-agent orchestration tool whose documented features broadly match the stated purpose. However, several design choices raise supply-chain and local-execution risks: the recommended curl|bash install from a personal GitHub repo, command_hook support for arbitrary shell commands, robot-mode features that export files and session snapshots, and example configs that explicitly recommend bypassing safety/sandboxing for agent CLIs. These features are plausible for this type of tool but are high-risk and could be abused for credential or source-code exfiltration or to execute arbitrary commands if the install source or hooks are compromised or misconfigured. I rate this as SUSPICIOUS — not proven malware, but significant security risk that requires hardened install practices, strong defaults (no dangerous flags, no auto-execution of hooks, explicit opt-in for file exports), and clear documentation about what is sent to external endpoints.