full-stack-bootstrap

Pass

Audited by Gen Agent Trust Hub on Apr 4, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: No malicious patterns or security risks were identified during the analysis of the skill and its referenced documentation.
  • [EXTERNAL_DOWNLOADS]: The skill downloads the Kokoro MLX model from HuggingFace and installs standard Python packages (mlx-audio, soundfile, numpy) via uv. These references target well-known services and are required for the skill's primary purpose.
  • [COMMAND_EXECUTION]: The skill executes a bundled installation script (scripts/kokoro-install.sh) to automate the setup of the virtual environment and local file deployment.
  • [DATA_EXFILTRATION]: Network requests are made to the official Telegram Bot API (api.telegram.org) to verify credentials and fetch updates, which is the intended behavior for configuring a Telegram bot.
  • [CREDENTIALS_UNSAFE]: The skill provides instructions for users to store sensitive tokens in a local secrets file. It adheres to security best practices by recommending restrictive file permissions (chmod 600/700) to protect this data.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 4, 2026, 09:52 AM