sleep rabbit plugin
Security checks across static analysis, malware telemetry, and agentic risk
Overview
The skill's code largely matches its security claims, but the repository contains multiple versions/duplicates (including a large alternate skill.py and an 'original' archive) and a few weak validation patterns — this mismatch raises risk and warrants review before install.
The skill appears to implement the security controls it claims (safe_outputs, 100MB limit, extension checks), but the repository contains multiple implementation artifacts (two skill.py files of different sizes and an 'original' release referenced in RELEASE_README). That is the main red flag: make sure the runtime will use the smaller/patched skill.py (the package one) and not an older unsafe copy. Before installing, do one or more of the following:
- Inspect which skill.py will be imported/installed by the platform (package path). Confirm the active file contains the safe checks (grep for '100 * 1024 * 1024' and 'safe_outputs', and confirm the absence of 'os.path.dirname(edf_path)').
- Run security_verifier.py and PROOF_FILE_WRITE_CONTROL.py locally in a sandbox to confirm they pass and to see which files they actually inspect.
- Review edf_analysis_modules/ for any direct file write, network, or subprocess calls that bypass the security controller.
- Test in an isolated environment (VM/container) and monitor filesystem and network activity while exercising commands (sleep-analyze, file-info, env-check).
- If you cannot verify which code will be executed, or you find that the larger/older skill.py includes dangerous behavior, do not install. If uncertain, ask the maintainer to publish a clean package that contains only the fixed implementation (a single skill.py) and to remove archived/original builds from the release tree.
SkillSpector
SkillSpector findings are pending for this release.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
No VirusTotal findings
