plan-manager

SUSPICIOUS. The skill’s stated purpose and capabilities are coherent for local plan tracking, and there is no sign of credential theft or exfiltration. However, its core functionality relies on an undocumented local home-directory script with unverifiable provenance, which creates a high trust/supply-chain risk disproportionate to the lack of source verification.