auto-skill
Pass
Audited by Gen Agent Trust Hub on May 18, 2026
Risk Level: SAFECOMMAND_EXECUTIONREMOTE_CODE_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses shell commands to manage its state and track session activity. It creates and removes marker files in
~/.claude/and.claude/to handle global and project-specific toggles. It also performs local file system audits of existing skills to prevent duplicate creation. - [REMOTE_CODE_EXECUTION]: The skill provides two bash scripts (
evaluate.shandtrack-tools.sh) that the user is instructed to register asStopandPostToolUsehooks in the agent's configuration. These scripts execute locally on the host machine to automate session analysis. The scripts are transparent, human-readable, and perform only the documented tracking and logging functions. - [DATA_EXPOSURE]: It maintains a local log file (
~/.claude/auto-skill/pending.log) containing session metadata, working directory paths, and tool usage statistics. This data remains on the local file system and is used to surface suggestions to the user during session synchronization.
Audit Metadata