asc-code-signing

SUSPICIOUS: The skill’s capabilities align with Apple code-signing management, but it routes sensitive App Store Connect credentials through a third-party CLI and enables high-impact account changes. Because the tool appears same-publisher, source-available, and purpose-consistent, this is not confirmed malware; the main concerns are third-party credential handling, medium supply-chain trust, and autonomous destructive actions if run without explicit approval.