opencontext

This skill (SKILL.md) documents a legitimate context-management tool. I found no direct malicious code or obfuscation in the provided document. The primary risks are operational: inadvertent leakage of sensitive project data to an embedding API (user must supply EMBEDDING_API_KEY and can change EMBEDDING_API_BASE), and powerful shell/tool integrations that could be misused by untrusted agents. Those risks are consistent with the described functionality and should be mitigated by user caution (don’t use production secrets for indexing, vet EMBEDDING_API_BASE, restrict which agents/tools can invoke shell commands).