Session Cleaner
Security checks across malware telemetry and agentic risk
Overview
The skill's stated purpose (cleaning .jsonl session transcripts) is plausible, but the included Node and SSH scripts, the missing dependency and credential declarations, and the remote-cleaning behavior create coherence and privilege concerns that should be reviewed before use.
Do not install or run this skill until you inspect the code. Actions to take before trusting it:
- Open session-cleaner.mjs and both .sh files and confirm they only read local .jsonl files and produce markdown; search for network operations (curl, fetch, axios, net sockets), scp, ssh, or exec/spawn calls.
- Review scotty-remote.sh to see exactly what it does over SSH (does it run remote commands, copy files, or open shells?) and whether it sends data to third-party hosts.
- Verify there are no hard-coded endpoints, API keys, or commands that could exfiltrate data.
- Ensure you have an appropriate runtime (Node.js) and run the scripts on a copy of session data in a sandboxed environment first.
- If you want to allow the agent to use this skill but reduce risk, set disableModelInvocation: true or restrict model-triggering, and avoid granting SSH credentials to the environment unless necessary.

If you cannot review the files yourself, ask the author to provide a security/privacy description and a list of exact runtime requirements and network behaviors before use.
SkillSpector
SkillSpector findings are pending for this release.
VirusTotal
No VirusTotal findings
