cm

The fragment itself is documentation and does not contain executable malware. The primary risk is the recommended remote installer pattern (curl ... | bash) which can execute arbitrary code if the upstream script is compromised. Additional concerns center on how API keys and LLM integrations are handled at runtime, and potential exposure via misconfiguration of cross-agent features (MCP server, remote history). The mitigations described (checksums, secret sanitization, opt-in privacy) are positive but cannot be independently verified from the fragment alone. Recommend restricting installers to signed packages or verified binaries, implementing strict log redaction for API keys, and validating MCP cross-access controls before enabling remote history or server exposure.

SUSPICIOUS. The skill’s purpose broadly matches its capabilities, but its trust model is weakened by a raw GitHub curl|bash installer from a personal repo and by sending potentially sensitive session history to external LLM providers for reflection. No clear evidence of outright malware or credential theft, but the install path and untrusted-content-to-LLM flow make it a medium/high-risk skill.