Inbox Capture Agent
Security checks across static analysis, malware telemetry, and agentic risk
Overview
The skill's stated purpose (silently capturing user ideas) is plausible, but its instructions request filesystem/network writes and external credentials without declaring the needed config or permissions, and they mandate silent capture. These mismatches and privacy risks are concerning.
This skill silently logs any user utterance that looks like an idea and may write it to a local file or external service. Before installing, ask the author to:
(1) explicitly declare the INBOX_PATH and any required credentials (doc_token, Notion page_id, filesystem paths) and how those secrets are supplied/stored;
(2) explain consent and privacy: why captures are silent, whether users can opt out, and how sensitive data is handled and purged;
(3) provide concrete behavior boundaries (which channels are monitored, whether private messages are excluded);
(4) provide the actual code or an auditable implementation (or a permission-limited wrapper) so you can verify writes only go where you expect.
If the author cannot clarify or refuses to require explicit opt-in and declared permissions, do not install this skill on agents that handle sensitive conversations.
SkillSpector
SkillSpector findings are pending for this release.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
