typescript-expert

[Skill Scanner] Destructive bash command detected (rm -rf, chmod 777) BENIGN: The skill fragment is a coherent, legitimate TypeScript expert workflow specification. It outlines analysis, validation, and migration guidance, with no observed malicious data flows or credential access. It does not install or execute untrusted payloads within the fragment itself; any risk depends on how a user executes the included commands in their environment. LLM verification: This skill is functionally coherent and matches its stated purpose (TypeScript expert). It does not contain embedded malware or obfuscated payloads. However, it encourages execution of developer tooling via npx/npm and includes destructive shell examples (rm -rf). Those patterns create supply-chain and accidental-destruction risk: npx can fetch and execute remote packages and rm -rf can delete files if copy-pasted. Overall the artifact is not malicious but poses a moderate supply-chain / operati