Recall

This skill appears to do what it claims (scan your workspace memory files and synthesize a timeline), but there are a few red flags you should consider before installing or enabling it: - Missing graph script: The SKILL.md calls python3 ${CLAUDE_SKILL_DIR}/scripts/generate-graph.py to build the visualization, but the package contains no scripts. If you need the graph feature you must supply that script or confirm where the agent should get it. - Broad file access: The skill's runtime instructions tell the agent to read memory/, SESSION-STATE.md, and 'any notes in the workspace' with shell commands (cat/grep). That will give the skill access to any files in those paths, which may include secrets or sensitive data. Consider running the skill only in a restricted/isolated workspace or reviewing files you keep under memory/ first. - Ambiguous paths and variables: The use of ~/[workspace], ${CLAUDE_SKILL_DIR}, and other underspecified locations could cause the agent to search unexpected directories. Confirm how your agent resolves those variables or edit the SKILL.md to use explicit, safe paths. - Optional dependencies: The doc suggests installing @qmd/cli for semantic search — installing global npm packages runs third-party code. Only install such tools from trusted sources. Recommendations: 1) Ask the skill author (or the publisher) for the missing graph script or remove/disable graph-related instructions. 2) Test the skill in a disposable or sanitized workspace (no secrets) first to observe exactly what files it reads/writes. 3) If you do not want automatic scanning of your entire workspace, avoid giving the agent autonomous invocation or restrict the skill's use to manual, user-invoked runs. 4) Consider adding an explicit allowlist of memory/ file paths in the SKILL.md before enabling it in a production workspace. Given the clear mismatch (documented functionality that depends on non-existent code and underspecified path handling), treat this package with caution until those inconsistencies are resolved.