Promptbuddy Lite

This skill's code looks like a reasonable shell prompt-optimizer, but there are several mismatches you should consider before installing or enabling it: - The README/manifest claims 'zero dependencies' but scripts call python3. Ensure you have python3 and inspect the python scripts the shell calls. - The included install.sh requires sudo and will copy binaries to /usr/local/bin and write /etc/promptbuddy-lite/config.json. Do not run install.sh with root unless you trust the author and have reviewed the scripts. - preprocess.sh will be invoked per-message if you follow the SKILL.md flow: it writes preferences in $HOME/.openclaw/, creates /tmp/pb_last_metadata.json, and will execute collect_feedback_safe.py from $HOME/.openclaw/workspace/skills/promptbuddy-optimizer if that directory exists. That means it can run code from another skill; inspect that collector script (not included here) to confirm it doesn't exfiltrate data. - The feedback pipeline attempts to strip raw user input from metadata, but you should inspect the collector (promptbuddy-optimizer/scripts/collect_feedback_safe.py) to be sure. If you cannot review that file, consider disabling the feedback path. Recommended actions: 1) Review all included scripts locally (promptbuddy.sh, preprocess.sh, feedback.sh, install.sh) and any referenced collector scripts before running. 2) If you need to test, run scripts in a sandboxed account/container and avoid running install.sh with sudo until you are comfortable. 3) If you want the optimizer but not persistence, run the promptbuddy.sh directly from the skill directory instead of performing the system-wide install. Given these inconsistencies (zero-dep claim vs python usage, system-wide install, execution of another skill’s script), treat the skill as suspicious until you verify the external collector and are comfortable with the install behavior.