Description-Behavior Mismatch
Medium
- Confidence
- 94% confidence
- Finding
- The metadata markets the skill as 'Fully local — no API keys, no cloud, zero cost,' but later documents a remote Ollama mode over SSH to a GPU server. This is a material security-relevant inconsistency because users may assume data never leaves the local machine when the documented architecture can support remote processing, changing the trust boundary for vault contents and embeddings.
