starter-cleaner
Audited by Socket on Feb 26, 2026
1 alert found:
Security
This skill's stated purpose (cleaning a starter template by removing example directories and monorepo/config artifacts) aligns with the capabilities described (deleting files and editing config). There are no declared network downloads, credential requests, or third-party proxies in the document, which reduces classic supply-chain/exfiltration concerns. The primary risk is the destructive filesystem operations: if the actual clean.js script lacks path sanitization, whitelists, confirmations, dry-run mode, or backup/rollback, it can cause unintended permanent data loss. Because the implementation of the script is not provided, I cannot confirm whether safeguards are implemented. Recommend: review the clean.js source before running; require an explicit interactive confirmation, provide a dry-run and backup option, and ensure deletions are strictly limited to expected relative paths. Overall: purpose and capabilities are coherent, but operational risk is medium due to destructive actions and lack of visible safeguards.