Skill Box

The 'digital-life' skill bundle requests high-privilege permissions, including 'Bash' and 'browser(profile="user")', to scrape sensitive personal data from authenticated social media sessions (WeChat, Weibo, GitHub, etc.). While the stated intent is philosophical 'digital archaeology' and the instructions in SKILL.md and the layer0/ files emphasize local processing and privacy, the capability to programmatically access logged-in browser profiles and manage local files represents a significant security risk. No explicit evidence of malicious exfiltration or backdoors was found, but the broad access to private user data and system tools fits the criteria for a suspicious classification.