setup-ralph
Audited by Socket on Mar 18, 2026
1 alert found:
Anomaly: This script is not overtly malicious: it orchestrates an AI-driven loop using the Claude CLI and can auto-commit and push workspace state to GitHub. Primary security risks are accidental data exfiltration and secret leakage: it reads an OAuth token and exports it for the claude CLI, uses --dangerously-skip-permissions, and (by default) can create and push a private GitHub repo containing the project. If the workspace or plan contains secrets, they may be sent to the Anthropic service or pushed to a remote repo. Recommend: treat backup push as opt-in (disable by default), avoid storing secrets in the workspace or plan files, ensure ~/.claude-oauth-token permissions are strict, and remove the --dangerously-skip-permissions flag unless fully understood.