disk-hygiene

This skill is coherent with its stated purpose and does not contain indicators of malware or credential harvesting. The primary risk is operational: it contains and documents destructive filesystem commands (rm -rf, docker system prune -a, package cache purges, tool uninstalls) that can irreversibly remove user data if executed without explicit, informed user consent. If the agent enforces interactive AskUserQuestion confirmations and does not run the documented cleanup blocks automatically, the skill is appropriate. If the agent can execute the provided bash cleanup blocks without confirmation, that is a dangerous behavior requiring mitigation.