The Agent Skills Directory

[SAFE]: The skill is a specialized synchronization utility intended to push local files to a specific, hardcoded GitHub repository (git@github.com:lijigang/ljg-skills.git). This behavior matches the stated purpose of the skill.
[COMMAND_EXECUTION]: The script uses standard shell commands including git, rsync, and sed to perform file operations and versioning. Argument parsing is handled safely via a case statement, minimizing the risk of command injection.
[EXTERNAL_DOWNLOADS]: The skill clones its target repository from GitHub. This is a functional requirement and targets a specific repository belonging to the author's workflow.
[DATA_EXFILTRATION]: While the skill transmits data to an external server (GitHub), it is restricted to specific files matching the ljg-* pattern in the ~/.claude/skills/ directory, which is the explicit intent of the synchronization tool.
[SAFE]: The skill includes a local notification feature that makes POST requests to localhost:31337, which is a common pattern for local developer notifications and does not pose a network security risk.
[SAFE]: No obfuscation, persistence mechanisms, or malicious prompt injection patterns were detected in the skill files.

ljg-push