Claude Buddy Card

The skill extracts sensitive Claude OAuth tokens directly from the macOS Keychain using the 'security' command and uses them to query the Anthropic API for the user's account UUID. While the stated purpose is to generate a deterministic 'Buddy Card' using a local algorithm (scripts/buddy-algorithm.js), the programmatic extraction of live credentials is a high-risk behavior that could be easily repurposed for exfiltration. No evidence of intentional data theft was found, but the reliance on Keychain access and the 'leaked source' narrative warrant caution.