auto-evolution

Warn

Audited by Socket on Apr 14, 2026

2 alerts found:

Anomaly x2

Anomaly: LOW
hooks/settings.example.json

This module is primarily an execution dispatcher for local bash hooks. While the snippet itself shows no direct malicious networking or credential theft, it unconditionally runs local scripts from a hidden path and passes tool input/output/exit code into them, which can materially increase the chance of sensitive data exposure or malicious processing depending entirely on capture.sh and reflect.sh. Review and verify those scripts (including outbound connections and data handling) and ensure their integrity before trusting this package.

Confidence: 60%
Severity: 60%

Anomaly: LOW
SKILL.md

SUSPICIOUS. The skill's learning/memory purpose matches local hook-based capture, and no external install or outbound endpoint is shown, so it is not confirmed malicious. However, it silently captures broad tool inputs/outputs, persists them across sessions, and can generate new skill drafts from that data, which is a proportionate-but-sensitive capability that raises medium risk until the local scripts are reviewed.

Confidence: 84%
Severity: 58%

Audit Metadata

Analyzed At: Apr 14, 2026, 02:18 PM
Package URL: pkg:socket/skills-sh/ZhanlinCui%2FAuto-Evolution-Agent-Skills%2Fauto-evolution%2F@551ff0b8ae88a9e7104abc8639b5e1efb5cfeec0

Security Audit — socket — auto-evolution