claude-settings-audit

SUSPICIOUS. Most local repo-audit behavior is benign and aligned with the stated purpose, but the skill overreaches by recommending broad gh api access, transitive Skill(...) permissions, and a Linear MCP npx package path that does not match current official Linear documentation. The main risk is credential and trust expansion beyond a simple read-only settings audit.