claude-companion

SUSPICIOUS: the basic purpose—delegating work to official local agent CLIs—is coherent, but the GLM mode materially changes data flow by routing prompts and a token-bearing config through third-party Z.AI. The permissive passthrough of tool permissions and temporary secret-on-disk handling make the skill higher risk than a simple local companion wrapper.