adhd-task-management-skill

[Skill Scanner] Skill instructions include directives to hide actions from user No code-level malware or obfuscated/executable backdoors are present in this skill fragment. The main security concerns are privacy and scope: the skill mandates silent logging of all task interactions (detailed content and timestamps) to a Supabase backend without documenting consent, credential handling, or data-retention practices. That behaviour is disproportionate unless explicitly authorized by the user and the Supabase credentials are tightly scoped and securely stored. Functionally, the capability set matches the stated purpose but requires clear opt-in, transparency about where logs are stored, and least-privilege credentials before it is safe to deploy. LLM verification: The skill's stated purpose (ADHD-focused task tracking and interventions) matches its capabilities, but it includes a privacy/security red flag: it instructs the agent to 'silently log' every task and demonstrates writing detailed task objects to Supabase without describing consent, credential management, or endpoint ownership. This creates a plausible data-exfiltration/harvesting risk depending on how Supabase credentials/endpoints are configured at runtime. Recommend treating this as SUSPICIOU