verification-and-quality-assurance
Audited by Socket on Feb 16, 2026
1 alert found:
Malware [Skill Scanner]: Installation of third-party script detected

The fragment presents a coherent, purpose-aligned skill for verification and quality assurance with automated rollback. It is plausible and consistent for a project aiming to enforce high-quality code through truth scoring and automated gates. Potential risk areas include reliance on an alpha tool (claude-flow) and Windows-specific path references that may affect portability; ensure fallback options and environment-agnostic paths are provided. Overall, the footprint is BENIGN with moderate caution warranted due to external tool dependency and rollback semantics.

LLM verification: No explicit malicious code or obfuscation is present in the provided skill description. However, the skill requests broad local filesystem access (including D:\Projects\*), automatic code extraction from existing projects, and programmatic rollback capabilities, which, combined with runtime download via npx, create a high-risk operational footprint if misused. Without strict scope limits, signed installers, and explicit, auditable reporting endpoints, this skill is SUSPICIOUS: it is coherent with its