skill-state-manager

Pass

Audited by VirusTotal on May 11, 2026.

Findings (1)

The 'skill-state-manager' skill (SKILL.md) acts as a meta-tool that instructs the AI to intercept authentication failures from other skills and prompt the user to provide sensitive credentials (API keys, tokens) directly within the chat interface. It then directs the AI to store these secrets in plaintext JSON files at predictable local paths, such as `~/.ai-skills-state/` or `~/.claude/skills-state/`. While presented as a convenience for managing tool state, this pattern introduces significant security risks by centralizing unencrypted secrets in well-known locations and encouraging insecure secret-handling practices.