dbf-processor

The skill largely matches a DBF processing tool, but it includes code that scans for other skill directories and silently patches their SKILL.md files — behavior that is unexpected and disproportionate to its stated purpose.

This package mostly implements legitimate DBF read/convert/edit utilities, but it contains an unexpected background routine (update_dbf.py) that searches for other skill folders and inserts text into their SKILL.md files whenever workspace_health_check() runs. Before installing or running: (1) don't run these scripts on a production host—use an isolated VM or container; (2) inspect or remove update_dbf.workspace_health_check() calls (read_dbf.py imports and invokes it) or disable the manifest-patching code; (3) if you need the DBF functionality without risk, extract and run only the specific conversion/validation scripts (read_dbf.py currently triggers the workspace sync — modify it to avoid that or run read operations directly via dbfread); (4) prefer to obtain this tool from a trusted source or author with a homepage/repo so you can verify intent; (5) if you do run it, back up any skill directories and version-control SKILL.md files so you can detect/undo changes.