luzia
Warn
Audited by Socket on Feb 16, 2026
1 alert found:
Anomaly (LOW): package.json
The package will execute bundled Node scripts during install and uninstall. This is a legitimate pattern for setting up runtime assets, but it carries moderate risk because those scripts run with the installer's privileges and could perform malicious actions (data exfiltration, modifying files, creating hooks, running remote code). Inspect install-skill.js and uninstall-skill.js before installing, or run the installation in a sandboxed environment.
Confidence: 80%
Severity: 60%