claude-reflect

Warn

Audited by Socket on Apr 4, 2026

2 alerts found:

Anomaly x2
Anomaly LOW
SKILL.md

SUSPICIOUS. The stated local self-learning purpose mostly matches the file-editing behavior, but the skill is internally inconsistent about needing authentication/API access, and current install evidence points to a third-party skill-manager trust chain rather than an official same-org distribution path. No clear exfiltration or confirmed malicious behavior is present, so this is better classified as a medium-risk community skill than malware.

Confidence: 80%
Severity: 56%
Anomaly LOW
hooks/hooks.json

This snippet itself contains no explicit malicious logic, but it introduces a meaningful supply-chain execution risk by automatically running two local shell scripts from `${CLAUDE_PLUGIN_ROOT}/scripts/` during `PreCompact` and around git commit activity. The security posture cannot be confirmed without reviewing the referenced shell script contents and ensuring the plugin root/scripts are integrity-protected and not tamperable at install/runtime.

Confidence: 60%
Severity: 58%
Audit Metadata
Analyzed At
Apr 4, 2026, 12:40 PM
Package URL
pkg:socket/skills-sh/jeremylongshore%2Fclaude-code-plugins-plus%2Fclaude-reflect%2F@b948c5a75ef09c68235f375de87a47681a53ad13