worklog

SUSPICIOUS: The skill is locally scoped and uses no external downloads, credentials, or network exfiltration, so it is not malware-like. However, its actual footprint is broader than a simple worklog viewer: it silently installs a persistent Claude hook that captures future prompts, creating ongoing privacy-sensitive logging behavior that is only partly proportional to the stated review purpose.