scratch
Warn
Audited by Socket on Apr 14, 2026
1 alert found:
Anomaly (LOW): SKILL.md
SUSPICIOUS: the core local exploration behavior is broadly consistent with the stated purpose, but the skill carries medium execution risk because it tells the agent to run arbitrary project code and includes a transitive self-update path through a third-party CLI (`npx skills update scratch`) unrelated to the publisher. No direct credential harvesting or clear exfiltration is present, so this is not malware, but it is higher-risk than a pure documentation skill.
Confidence: 88%
Severity: 58%
Audit Metadata