ralph

SUSPICIOUS. The skill’s looping and DoD-verification behavior matches its stated purpose, but it relies on an unverified external CLI and grants broad autonomous execution with persistent prompt storage and subagent recursion. I found no confirmed credential theft or overt exfiltration, so this is better classified as high-risk/vulnerable rather than malware.