Auto-Optimizer

Key things to consider before installing/using: - Validate the source: the registry metadata lacks a homepage and shows an unknown owner; if you clone the repo, inspect the code (auto-optimizer.sh and SETUP.md) locally before running. - Expect undeclared dependencies: the docs/scripts require git, bc, jq and an LLM CLI (claude). The claude CLI will normally need Anthropic API credentials; these are not declared in the skill metadata. Do not supply cloud API keys unless you trust the code and understand where requests go. - Run in an isolated test repo first: the tool will git init/commit and may change files. Test demos only in a temporary directory (e.g., /tmp) to observe behavior and outputs. - Review arbitrary command execution: the script runs user-provided metric commands and may exec other commands. Treat metric commands and evals as potentially executing arbitrary shell code — do not point it at repos containing secrets or private keys. - Network exposure: example workflows mention lighthouse, curl, and external APIs; expect outbound network traffic if you use those features or the claude CLI. If you must run it, consider network restrictions or observability (e.g., run in an environment you monitor). - If you want to proceed: (1) inspect auto-optimizer.sh for any hard-coded endpoints or unexpected behaviors; (2) run demos in /tmp to confirm there is no exfiltration; (3) avoid running it in repos containing secrets or credentials; (4) only provide LLM/API credentials after manual code review and preferably in a limited-scope account. Given the undocumented LLM dependency and the repository-modifying, arbitrary-execution nature of the tool, treat this skill as potentially risky until you've manually audited the code and confirmed the origin.