ralph-orchestrator

SUSPICIOUS. The skill’s capabilities largely match its stated purpose as an autonomous coding orchestrator, but it normalizes high-risk behavior: disabled permission checks, unattended background execution, broad shell/git/write authority, and external model/data flows. This looks more like an intentionally powerful automation skill than malware, yet its operational footprint is risky enough to classify as suspicious/high-risk rather than benign.