specmint-core

SUSPICIOUS. The core purpose is coherent for spec management, and local file access to `.specs/` plus OpenAPI generation is proportionate. Main concerns are transitive skill installation, external-content-driven research feeding a write-capable coding workflow, and some autonomous implementation behavior. No clear credential harvesting, exfiltration endpoint, or fundamentally incompatible capability was found.