github-workflow-automation

This SKILL.md describes a powerful GitHub automation tool that legitimately needs access to the repository, GitHub CLI, and runner capabilities to perform workflow generation, PR/issue creation, and deployments. However, its heavy reliance on runtime installs via npx/npm (including an unpinned 'alpha' package), instructions to pass secrets/env into third-party code, and numerous autonomous write actions (create PRs, deploy, auto-fix) raise substantive supply-chain and privilege-abuse concerns. The document itself contains no explicit malicious code, backdoors, or obfuscated payloads, but the patterns (download-and-execute, transitive installs, credential exposure, autonomous writes) are high-risk in CI environments. I recommend treating the package as suspicious: require pinned, audited releases; run in least-privileged contexts (no broad write permissions); restrict network egress from runners; and manually review the claude-flow/ruv-swarm packages and their dependencies before granting secrets or enabling auto-execute features.