Security audit
summit entertainment
Security checks across malware telemetry and agentic risk
Overview
The skill's code, hooks, and instructions are consistent with a self-improvement logging helper and do not request unrelated credentials or perform network downloads — behavior matches the stated purpose.
This skill appears to do what it says: provide short reminders and help capture learnings to local .learnings/ files. Before enabling it, consider: (1) The activator and error-detector are opt-in hooks — only enable them if you trust the workspace/user config. (2) The error detector reads CLAUDE_TOOL_OUTPUT which may contain sensitive command output; keep the policy to redact secrets and avoid automatic logging of full transcripts. (3) scripts/extract-skill.sh will create files under the current workspace; it contains checks to prevent absolute/../ paths but review the target path before running. (4) Review/adjust file permissions (chmod +x) only if you trust these scripts. If you want to be extra cautious, install the skill in a sandboxed or project-level workspace (not a global/user-level settings file) and inspect .learnings contents before promoting entries to shared workspace files.
VirusTotal
No VirusTotal findings
Static analysis
No suspicious patterns detected.
