thinking-model-enhancer

What to consider before installing: - The skill appears to do what it claims: Python modules implement model selection, memory storage, metrics, and a CLI entrypoint. It will create and use ~/.claude/thinking_models to store snapshots, indices, and metrics — expect persistent local files. - Review SKILL.md and all code yourself (or in a safe environment). A prompt-injection pattern was detected in the SKILL.md content; that could try to change the agent's behavior or instructions. Do not run the skill with autonomous privileges until you are comfortable with the full SKILL.md and source. - The docs include publishing/login commands (clawdhub login / publish). Those are for publishing and will open a browser for auth; you don't need to run them to use the skill. Avoid running publishing flows unless you intend to publish and trust the origin. - Network behavior: the SKILL.md encourages searching external sources (ClawHub/GitHub); the visible code uses only standard library and local filesystem. Verify the omitted/truncated files for any HTTP/remote endpoints before allowing network access. - Recommended safe steps: 1) Inspect all source files (including the truncated ones) for outbound network calls, hard-coded endpoints, or subprocess invocations. 2) Run the initialization script in a sandbox/throwaway account to confirm it only creates ~/.claude directories and config.json. 3) If you must run it on your main environment, back up important data and restrict the agent's filesystem/network access if possible. 4) Do not grant this skill 'always:true' or persistent elevated privileges until code and docs are fully reviewed. If you want, I can: (A) list the specific files/lines that mention external access or subprocesses (if you provide the omitted file contents), or (B) point out exact SKILL.md locations of suspicious instructions so you can edit them before use.