ralph

The described skill is coherent with its stated purpose (scaffolding and running an autonomous coding loop). The content does not contain obvious malicious code, hard-coded credentials, or obfuscated constructs. However, the workflow copies, chmods, and executes a local shell script (ralph-loop.sh) whose contents are not provided — this is a material supply-chain/execution risk. Treat templetes/ralph-loop.sh as untrusted until inspected. Run initial executions in an isolated environment and verify template integrity. The package is not demonstrably malicious, but running the opaque script without review presents a moderate security risk.