asc-xcode-cloud

SUSPICIOUS: The skill’s capabilities largely match its stated Xcode Cloud purpose, but it routes sensitive App Store Connect credentials through a non-Apple third-party CLI and enables real CI actions. The publisher relationship for `asc` appears verifiable and open-source, so this is not confirmed malware, but the install/auth trust and credential-forwarding footprint make it medium risk.