moyu-journal-auto

The skill requests high-risk permissions, including local filesystem access and the ability to scan sensitive user data such as browser history and calendar events to track 'slacking' activities. While the stated intent is a humorous productivity tool, the broad access to personal history and instructions to generate deceptive 'disguised' work logs (SKILL.md) pose a significant privacy risk. No explicit data exfiltration logic was found, but the scope of data access is excessive for the described purpose.