skill-cli

Warn

Audited by Socket on Feb 28, 2026

1 alert found:

Security: MEDIUM
SKILL.md

This skill is a support/admin CLI that legitimately requires API tokens to access Front, Inngest, and Linear. I found no evidence of obfuscated code, direct download-and-execute chains, or hidden exfiltration endpoints in the provided text. However, the functionality concentrates high-value credentials and includes powerful write/destructive operations and a raw API passthrough. Operational patterns in the examples (piping results into xargs to bulk-archive) can enable large-scale destructive changes or accidental data exposure if run with active credentials or in an automated agent context. The primary risks are credential mishandling, unauthorized use of personal API keys, and accidental bulk operations rather than insider malicious code in this fragment. Recommended mitigations: avoid storing tokens in source control, use scoped tokens with least privilege for CLI use, require explicit confirmation for bulk/destructive commands, and limit use of raw API passthrough in automated contexts.

Confidence: 75%
Severity: 75%
Audit Metadata

Analyzed At: Feb 28, 2026, 10:34 PM
Package URL: pkg:socket/skills-sh/skillrecordings%2Fsupport%2Fskill-cli%2F@a079def8c9e09335d8bdfafda6f69087967d288d