github

Warn

Audited by Socket on Mar 23, 2026

1 alert found:

Anomaly: LOW
SKILL.md

SUSPICIOUS: The stated purpose is coherent for a GitHub management skill, and GITHUB_TOKEN access is expected. Risk comes from install/execution trust and unverifiable data flow: the skill uses a local Bun wrapper plus an embedded third-party mcporter path that does not match GitHub’s official MCP installation guidance, while the actual script is absent, so token routing and endpoint integrity cannot be confirmed.

Confidence: 86%
Severity: 64%
Audit Metadata
Analyzed At: Mar 23, 2026, 01:11 PM
Package URL: pkg:socket/skills-sh/L-yifan%2Fskills%2Fgithub%2F@408310c11f045b1c346e5f44a468636f37a969a3