configure-notifications

SUSPICIOUS: The core purpose is coherent for native Discord/Telegram/Slack config, but the skill’s footprint expands materially with arbitrary custom webhook and CLI gateways. The biggest concerns are persisted arbitrary command execution, forwarding session data through third-party local CLIs/services, and storage of notification secrets in a local config file. Not confirmed malware, but broader and riskier than a narrowly scoped notification setup.