loki-mode
Audited by Socket on Feb 16, 2026
1 alert found:
Malware [Skill Scanner]: Installation of third-party script detected

This skill is functionally consistent with its stated purpose (fully autonomous PRD->production orchestration) but contains multiple high-risk design choices that make it suspicious for supply-chain security. The primary risks: (1) explicit instruction to bypass permissions, (2) enforced zero-human-in-the-loop behavior, (3) broad read/write access to persistent state that likely contains sensitive information, and (4) routing of project context and files to multiple external model endpoints and runtime downloads (npx), without mandatory redaction or provenance/integrity checks. These factors create a credible path for credential harvesting or data exfiltration, accidental destructive actions, or supply-chain abuse if an external model or package is compromised. I rate likelihood of intentional malware as low (no direct obfuscated malicious code present), but the operational configuration and privileges create a high security risk if used in production without strict gating, auditing, and human approvals.

LLM verification: The skill's stated purpose (fully autonomous, zero-human multi-agent orchestrator) aligns with the capabilities described at a high level (reading local state, dispatching agents, deploying). However, the manifest contains multiple high-risk operational and design choices: requiring --dangerously-skip-permissions, forbidding human confirmation, allowing execution of run.sh and writes to persistent .loki memory, and lacking explicit credential/endpoint handling or least-privilege controls. There