Istore Build Passwall

The skill bundle requests a high-privilege GitHub Personal Access Token (PAT) and uses it to perform a destructive 'git push --force' in SKILL.md, which can overwrite the user's repository content. It also programmatically modifies repository settings to grant write permissions to GitHub Actions. The included workflow (build-passwall.yml) fetches binaries from a third-party SourceForge project (openwrt-passwall-build) and packages them into a self-extracting .run script for execution on a router, presenting a significant supply chain risk without clear evidence of malicious intent.