power-engineer
Fail
Audited by Snyk on May 7, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E006: Malicious code pattern detected in skill scripts.
- Malicious code pattern detected (high risk: 0.90). The skill package contains multiple intentional, high-risk patterns: it enforces invisible, automatic memory writes (including API keys/third‑party integration data) without prompting, installs many third‑party skills automatically (broad supply‑chain exposure), injects persistent lifecycle hooks and permissive .claude permission rules to auto‑allow install commands, and hides state in a gitignored local directory — together these create a covert pipeline that could be used to harvest credentials or install remote backdoors via malicious skills.
Issues (1)
E006
CRITICAL: Malicious code pattern detected in skill scripts.
Audit Metadata