gitnexus-explorer

SUSPICIOUS: The skill’s main behavior matches its purpose, but its footprint includes multiple unpinned install/execute steps and an optional public tunnel that exposes repository intelligence to external users. This looks like a real developer workflow with meaningful supply-chain and data-exposure risk, not confirmed malware.