setup-ralph

Fail

Audited by Socket on Feb 15, 2026

2 alerts found:

Malware, Anomaly

Malware: HIGH
SKILL.md

No explicit malware or obfuscated code is present in this SKILL.md fragment. The functionality described is coherent with its purpose (autonomous coding loop) but carries operational security risks: the loop can execute generated code and run tests locally, and by default will create and push a private GitHub repo using the user's gh-authenticated session unless disabled. This behavior can inadvertently exfiltrate secrets or proprietary code if users do not properly sandbox the loop, redact sensitive files before commits, or disable automatic backup. Recommend: ensure sandboxing for test execution, add explicit checks or prompts before creating/pushing repositories, implement secret-detection/redaction before commits, and make backup opt-in or clearly warn users at setup time.

Confidence: 75%, Severity: 40%

Anomaly: LOW
templates/loop.sh

This script is not overtly malicious: it orchestrates an AI-driven loop using the Claude CLI and can auto-commit and push workspace state to GitHub. Primary security risks are accidental data exfiltration and secret leakage: it reads an OAuth token and exports it for the claude CLI, uses --dangerously-skip-permissions, and (by default) can create and push a private GitHub repo containing the project. If the workspace or plan contains secrets, they may be sent to the Anthropic service or pushed to a remote repo. Recommend: treat backup push as opt-in (disable by default), avoid storing secrets in the workspace or plan files, ensure ~/.claude-oauth-token permissions are strict, and remove the --dangerously-skip-permissions flag unless fully understood.

Confidence: 90%, Severity: 60%

Audit Metadata
Analyzed At: Feb 15, 2026, 09:23 PM
Package URL: pkg:socket/skills-sh/glittercowboy%2Ftaches-cc-resources%2Fsetup-ralph%2F@e34cb022556e6da7e9505475d401aef78e83f4bc