secondbrain-init

SUSPICIOUS: the scaffolding purpose is mostly coherent, but the skill is over-scoped because it normalizes 'maximum freedom' Claude permissions unrelated to project setup. Official npm/VitePress use is benign; the main risk is disproportionate agent access, with added medium supply-chain risk from the optional third-party qmd tool.