harvest

SUSPICIOUS: the stated purpose and local file operations are broadly coherent for knowledge consolidation, and the skill text shows no explicit credential capture or external data routing. However, it relies on an unverifiable `ao` CLI with no confirmed official install or release provenance in the provided evidence, which creates a significant supply-chain trust gap.