community-publish

SUSPICIOUS: the core capabilities mostly match the stated community-sharing purpose, but the skill performs real-world public publishing actions and routes code publication through a gateway service whose public ownership/provenance is less clear than the branded domain. This is not confirmed malware, but it carries meaningful security risk from outbound code transfer, public posting, and ingestion of third-party community project content.