Change Verification

This skill appears to be a legitimate change-verification playbook for network devices, but there are packaging gaps you should resolve before installing or using it in an automated agent: - Confirm how SSH credentials and device access are provided. The SKILL.md assumes SSH/SCP but the skill declares no required env vars or primary credential. Do not expose reuse of unrelated credentials — prefer per-scope, least-privilege keys/accounts. - Decide where archived configs will be stored and how SCP credentials are supplied and protected. The instructions reference scp:// endpoints but don't declare them; storing configs on untrusted servers risks exfiltration. - Understand the write operations and rollback commands: they are powerful and marked as WRITE, so require explicit human approval and change-ticket enforcement if the agent will execute them autonomously. - If you plan to let an agent invoke this skill automatically, restrict its ability to perform writes until you have tested the procedures in a safe environment and provided explicit credential handling (e.g., ephemeral session keys, vault integration). - Ask the author/maintainer (or your security team) to update the skill packaging to declare required binaries (ssh) and expected environment variables or secret references, and to document any external endpoints used for archival. If these questions are answered and credential handling is implemented with least privilege and auditability, the skill's content is reasonable for its stated purpose. Otherwise treat it as risky to run in automated or high-privilege contexts.