project-builder

SUSPICIOUS: the core engineering purpose matches most capabilities, and there is no obvious malware, installer abuse, or credential-stealing code in the provided text. However, the skill is broad and routes external API/LLM activity through an unverifiable internal `sc-proxy` while also enabling publishing and scheduled execution, so its data-flow and action scope are wider than a narrowly scoped build helper.