Back to skill

Security audit

Phy Planning With Files

Security checks across malware telemetry and agentic risk

Overview

The skill's behavior mostly matches a file-based planner, but the SKILL.md references scripts and template paths that are not included (no install or code files), and its runtime hooks will execute shell/python commands against your filesystem — this mismatch and implicit filesystem/script execution merit caution.

This skill is an instruction-only planner that expects helper scripts and templates to exist in specific home/plugin paths, but those scripts are not included in the package. Before installing or enabling it: 1) Verify whether the referenced scripts (e.g., ~/.claude/skills/.../scripts/session-catchup.py and ${CLAUDE_PLUGIN_ROOT}/scripts/check-complete.sh) and templates actually exist on your system and inspect their contents — they would be executed. 2) If you do not have those scripts from a trusted source, do not grant the agent Bash/Read/Write privileges or run the skill, because hooks will execute commands that can access and modify your files. 3) Prefer skills that either bundle needed scripts or document a trusted install process; ask the publisher for the missing artifacts or a clear install guide. 4) If you proceed, restrict the agent's tool permissions (deny Bash/WebFetch unless necessary) and run in a sandboxed/project directory or a disposable environment. Additional info that would increase confidence: the actual script files and templates referenced by SKILL.md, or an official install spec linking to trustworthy releases.

VirusTotal

No VirusTotal findings

View on VirusTotal

Static analysis

No suspicious patterns detected.