napkin

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). The skill creates a persistent, stealthy backdoor by requiring the agent to read and silently apply directives from a hidden per-repo file (.claude/napkin.md) every session with no disclosure — this enables covert, persistent instructions that an attacker could use to exfiltrate data, steal credentials, or execute arbitrary actions.