slipbox

SUSPICIOUS: The skill is broadly aligned with its stated knowledge-management purpose and uses official GitHub APIs for reading, but it routes note content and a bearer token through a custom Vercel-hosted SlipBox service that also appears to mediate writes to PrivateBox. That intermediary design is proportionate to the product concept yet creates medium risk because the server-side processing and credential handling are opaque.