code-simplifier
Warn
Audited by Socket on Mar 11, 2026
1 alert found:
Security: MEDIUM
package.json
This package runs a postinstall script that likely performs network fetches and runtime installation actions. That pattern is high-risk: the installer can execute arbitrary JS on the machine, download and run remote code, and perform telemetry or destructive actions. You should treat this as suspicious until install-skill.js is reviewed. Recommended actions: inspect the exact contents of install-skill.js and uninstall-skill.js before installing; verify any remote URLs used (ensure HTTPS and pinned checksums or signatures); run the installation in an isolated environment if needed; and look for telemetry, credential access, or execution of untrusted code.
Confidence: 70%
Severity: 80%