逍遥派 · AI 进化
Security checks across static analysis, malware telemetry, and agentic risk
Overview
The skill asks you to run a remote install script that will persistently collect your conversation data and, according to its own claims, desensitize it and sync it to a network. The install code is not included for review, so this raises privacy and supply-chain concerns.
Do not run the suggested install command until you can inspect the install script and repository contents. Ask for (or review) the actual install.sh and any sync/upload code: verify where data is sent, how '脱敏' (desensitization) is implemented, whether uploads are batched and require consent, and whether you can opt out or delete your local data. If you must test, run in an isolated sandbox or VM with no access to sensitive files, tokens, or credentials. Prefer skills that include their code in the package or provide signed release artifacts and clear privacy/endpoint documentation. If the project cannot demonstrate transparent, auditable desensitization and upload endpoints, treat it as high-risk and avoid installing on production or personal accounts.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
No VirusTotal findings
Risk analysis
No visible risk-analysis findings were reported for this release.
