blackbox

Warn

Audited by Socket on Apr 4, 2026

1 alert found:

Anomaly (LOW)
SKILL.md

SUSPICIOUS. The skill's core behavior matches its stated purpose, and its install sources appear consistent with the Blackbox CLI ecosystem, so this is not clearly malicious. However, it delegates code and repository context to a third-party agent service, forwards an API credential to external CLI code, and includes workflows that analyze untrusted PR content with write/exec capability plus optional auto-approval. The main concern is elevated operational and data-handling risk rather than clear credential theft or hidden exfiltration.

Confidence: 84%
Severity: 66%
Audit Metadata

Analyzed At: Apr 4, 2026, 05:51 PM
Package URL: pkg:socket/skills-sh/NousResearch%2Fhermes-agent%2Fblackbox%2F@dd69a31951363e0d313a7a402f67a4258110a059