skill-tester

Warn

Audited by Socket on Mar 9, 2026

1 alert found:

Anomaly (LOW)
scripts/script_runner.py

The module itself is a benign script-runner utility and does not contain direct malicious logic. However, it intentionally executes arbitrary scripts and can inject a Python startup shim into child interpreters; both behaviors make it potentially dangerous when used on untrusted code. The primary supply-chain/sabotage risk is that this tool will execute whatever scripts are present under the provided path (which could be malicious) and will log captured outputs and file creation metadata. Use only on trusted code or in a secure sandbox. If capture_api is enabled, review any api_logger shim implementation because it will run inside child Python processes.

Confidence: 90%
Severity: 60%

Audit Metadata
Analyzed At: Mar 9, 2026, 01:56 AM
Package URL: pkg:socket/skills-sh/ddunnock%2Fclaude-plugins%2Fskill-tester%2F@44b84b8db943c4dad1ae4e445e2383d14da55235