arch-optimization

What to check and do before installing/running: 1) Inspect and edit filesystem paths: Search all core/, tests/, and examples/ for hard-coded paths like '/home/kali' or '~/workspace'. Replace them with a safe, explicit directory you control (e.g., a temp directory) or make them configurable. Tests will create, write and delete files; do not run them against your real home or production directories. 2) Run in an isolated environment: Execute tests and examples inside a disposable container, VM, or chroot where file writes are acceptable and cannot touch important data. 3) Grep for network calls / hidden endpoints: Even though the visible files show no external upload, scan the entire codebase for http(s), fetch, net/socket usage, hard-coded hostnames, or telemetry endpoints before giving it network access. 4) Backup and review: If you plan to integrate into a live agent, review core/unified-api.js and transport-layer.js to confirm behavior for retries, fallback, and where logs/stats are written. Back up any directories that might be overwritten. 5) Limit privileges: Run with a user account that has limited permissions for the directories used by the skill. Avoid running as root. 6) Ask for provenance: The source is 'unknown'. Prefer code from a known maintainer or canonical repository. If possible obtain the package from the project's official release/repo and verify checksums. If you want, I can: - point to exact lines/files where the hard-coded paths appear, - produce a short patch to parameterize the inbox/outbox paths, or - search the codebase for network calls and report findings (I can do that if you grant me the rest of the files or ask me to scan specific files).