buddy-reroll
Audited by Socket on Apr 1, 2026
2 alerts found:
Anomaly / Security
SUSPICIOUS: the skill is coherent with its stated goal, but it achieves that goal by unsupported tampering with Anthropic's installed CLI and local config rather than a documented customization path. There is no evident credential harvesting or external exfiltration, so this is not malware, but the local integrity and maintenance risk is medium-high.
This module is primarily a deterministic “buddy” generator, but it also includes an optional high-impact capability to tamper with local software state: it patches an installed Claude Code cli.js by regex-replacing friend-2026-<number> salts and deletes the companion field in the user’s Claude config. While there is no direct evidence of network exfiltration or stealthy backdoor logic in this fragment, the self-modifying/integrity-violating behavior against third-party installed code makes it a supply-chain/sabotage-grade security concern. Use should be restricted to trusted environments and the legitimate intent of the patching behavior should be verified (e.g., via provenance, expected file diffs, and disabling --apply by default).