The Agent Skills Directory

[SAFE]: The skill implements a local-first architecture where inventory data resides at ~/.config/swapit/. Access to these directories is restricted using chmod 0700 to prevent unauthorized local access.
[SAFE]: An optional synchronization feature allows users to share generic knowledge facts with the author's 'Commons' server. This process is gated by a robust anonymizer that uses an allowlist approach and a recursive forbidden-field scanner to ensure no private inventory data (such as item names, rooms, or quantities) is transmitted.
[SAFE]: The live dashboard server in server.py binds specifically to the 127.0.0.1 address, preventing the dashboard from being accessed over the network.
[SAFE]: The report generator in report.py and the dashboard template utilize HTML escaping and safe DOM properties like textContent to mitigate the risk of cross-site scripting (XSS).
[SAFE]: The synchronization client enforces the use of HTTPS for remote endpoints to protect data in transit, while allowing HTTP only for local self-hosting scenarios.

swapit