The Agent Skills Directory

[COMMAND_EXECUTION] (MEDIUM): The skill instructs the agent to run a Python script at $CLAUDE_PROJECT_DIR/.claude/scripts/tldr_stats.py. Executing scripts from the local filesystem that are not included in the skill distribution is a security risk as the logic remains unvetted. It could perform unauthorized file access or network operations under the guise of generating statistics.\n- [DATA_EXFILTRATION] (LOW): The skill handles sensitive session data, including API costs and token usage. While the stated purpose is monitoring, the lack of script source means it cannot be confirmed that this data is not being exfiltrated to a third party.

tldr-stats