Productivity Helper #3

This skill appears to be a simple instruction-only productivity helper, but there are a few inconsistencies you should consider before installing or enabling it: - The SKILL.md allows Bash and file Read/Write tools even though the instructions don't justify needing shell access. Allowing Bash gives the skill the ability to run arbitrary local commands and access files — if you don't trust the skill, remove or restrict the Bash permission. - README.md references a GitHub repo and install commands (git clone, clawhub install) despite the uploaded bundle containing no code or install spec. That could mean the published skill is a lightweight wrapper for code hosted elsewhere — check the referenced repository and verify its contents and origin before following any install steps. - The SKILL.md includes an external link to a 'Complete setup guide' (skillboss.co). External links can lead to further installation or credential-request steps not visible in this package; inspect those pages and their domains before providing any credentials or running commands. Recommended actions: - Ask the publisher for clarification: Do they intend this skill to be instruction-only or to pull code from the GitHub repo? If the latter, request the exact repo URL and verify the code before allowing installation. - If you want to use it, run it with restricted permissions first (disable Bash, limit Read/Write to a dedicated sandbox folder) and monitor what the skill reads or writes. - Avoid granting any secrets or broad OS-level permissions. If you are not comfortable reviewing an external repo or these permissions, do not install. Confidence: medium — the package is not obviously malicious, but the mismatches and overly-broad allowed-tools justify caution and further verification.