lev-cdo

This SKILL.md is a documentation file describing a local discovery tool (lev-catalog) that searches and loads SKILL.md files from directories under the user's home. There are no indicators of malicious behavior in the text: no remote downloads, no credential harvesting, no exfiltration endpoints, and no obfuscated payloads. The primary operational risk is that the workflow relies on executing a local Node CLI (node ~/lev/workshop/poc/lookup/cli.js); running that script executes arbitrary code from the user's repository and therefore requires trust in the repository's provenance. If the repository is untrusted or pulled from an external source without verification, executing the CLI could be dangerous. Overall this document appears benign and coherent with its stated purpose, but users should treat the local CLI as code to audit before running.

The artifact is a non-malicious orchestration specification describing disk-backed, multi-agent workflows. It contains no explicit obfuscated code, no direct download-and-execute chains, and no hardcoded credentials in the provided text. However, it exposes meaningful supply-chain and data-exfiltration risks in realistic deployments: unpinned/unvetted transitive skills, ambiguous BD backend interactions and credential handling, persistent artifact storage without redaction/encryption/permission guidance, and potential for command-injection if an orchestrator constructs shell commands with unsanitized inputs. Recommended mitigations: vet and pin all referenced skills, forbid writing secrets/PII to artifacts or implement redaction and secret-scanning, require authenticated, least-privilege BD credentials with secure storage, use ephemeral encrypted artifact stores with strict FS permissions, and mandate safe APIs (avoid shell interpolation) for CLI operations. With operational controls applied the package can be used safely; without them it represents a moderate supply-chain/data risk.