Skill

This skill appears to be a lightweight client for the external service checksafe.dev (it queries badge.json and report endpoints). Before installing, consider: - Privacy: scan_installed.sh collects local skill slugs and sends them to checksafe.dev; if you are uncomfortable exposing your installed-skill inventory, do not run the batch/scan scripts or review them locally first. - Trust the external service: the tool relies entirely on checksafe.dev. Verify the domain, TLS, and the service's privacy policy if you will send any inventory. If you need to avoid network calls, use the scripts only with explicit, manual slug names or inspect the API responses from a browser first. - Automatic pre-install: the README/SKILL.md implies automatic pre-install hooks; those are not implemented. If you expect an agent to automatically intercept 'clawhub install', additional integration would be required. - Confirm behavior: the code is readable and not obfuscated, so you can safely inspect scripts before running. If you want stronger guarantees, ask the author for an explanation of what metadata is logged server-side and for an option to run checks locally or provide an allowlist/offline dataset. Given these mismatches (especially the inaccurate claim about not sending user data), treat the skill as useful but with privacy implications — review and run the scripts manually and confirm the external service's trustworthiness before enabling automatic or broad scans.