self-improving-agent

Warn

Audited by Socket on Apr 18, 2026

2 alerts found:

Anomaly x2

Anomaly LOW
skills/extract/SKILL.md

SUSPICIOUS. The core behavior is mostly aligned with the stated purpose of turning local patterns into reusable skills, and there is no direct credential harvesting or remote payload execution. However, the skill relies on an unverified delegated agent and references transitive install/publish commands without clear provenance, so the trust boundary extends beyond what is documented.

Confidence: 84%
Severity: 52%

Anomaly LOW
hooks/hooks.json

The configuration itself is small and not overtly malicious, but it instructs automatic execution of a package-supplied shell script (./hooks/error-capture.sh) which can perform any action available to the invoking user. This is a medium-to-high supply-chain risk until the referenced script is reviewed and its behavior validated. Treat the hook as potentially dangerous: do not allow it to run in sensitive environments without inspection or sandboxing.

Confidence: 75%
Severity: 60%

Audit Metadata

Analyzed At: Apr 18, 2026, 10:47 AM
Package URL: pkg:socket/skills-sh/openclaw%2Fskills%2Fself-improving-agent%2F@4ed13d1885df05608e71440c43399053700dd871