You MUST use this for gathering contexts before any work. This is a Knowledge management for AI agents. Use `brv` to store and retrieve project patterns, dec...
Security Analysis
medium confidence
The skill's instructions align with a local knowledge-management workflow, but it references installing an unverified npm package and sending project data to configurable LLM providers (including an ambiguous default), so there is a non-trivial risk of third-party code or data exfiltration that isn't justified or verifiable from the package metadata provided.
The name/description (knowledge management for AI agents) matches the SKILL.md: it instructs the agent to use a CLI (brv) to read/write a local .brv/context-tree and to query/curate project memory. No unrelated capabilities are requested in the skill metadata.
SKILL.md is explicit about actions: run brv query/curate, optionally connect an LLM provider, and only read up to 5 files from the project root. It instructs the agent to send included file contents to the configured LLM provider. The 'MUST use this before any work' language is prescriptive but not itself a technical issue. The CLI is relied upon to enforce path restrictions—those guarantees come from the external tool, not from the skill code.
The skill is instruction-only but tells users to run `npm install -g byterover-cli`. The registry metadata includes no source/homepage and there is no install spec in the manifest, so the npm package origin and contents are unverified. Installing a globally-published npm package from an unknown author is a moderate-to-high supply-chain risk and is disproportionate without provenance or review links.
The skill declares no required env vars and no credentials in the manifest, which is proportionate. However, SKILL.md shows workflows that accept API keys (e.g., `brv providers connect openai --api-key sk-xxx`, `brv login --api-key sample-key-string`) and exposes a default provider called 'byterover' with 'no API key needed' — it's unclear whether queries will go to a remote ByteRover service by default. Users could end up sending project data to an external LLM; that behavior is plausible for the tool but should be treated as sensitive.
The skill does not request special platform privileges, does not set always:true, and does not claim to modify other skills or system configuration. It recommends creating/using a local .brv/context-tree, which is a reasonable, scoped persistence model.
Guidance
This skill appears to be a locally-oriented knowledge-management helper, but before installing or using it:
1) Do not blindly run `npm install -g byterover-cli` — inspect the npm package page and source repository (look for homepage, repo, maintainer info, recent activity, and license).
2) Treat any LLM provider connection as sending your project data to an external service; avoid connecting cloud providers or using `brv push` for sensitive code unless you trust the service.
3) If you must try it, run the CLI in a sandboxed environment or on a non-sensitive project to observe behavior.
4) Prefer using a provider you control (local LLM or a vetted API key) and never paste secrets/API keys into commands until you verify where they are sent.
5) If you want a higher assurance verdict, provide the byterover-cli package URL or its source repository so the install payload can be inspected.
Latest Release
v2.0.0
Version 2.0.0
- Major overhaul of documentation: unified guidance, streamlined explanations, and revised quick reference.
- Removed separate troubleshooting and workflow files; key guides are now integrated directly into SKILL.md.
- Expanded usage scenarios, best practices, and error handling within the main documentation.
- Added clear step-by-step setup, command usage, and context management workflows.
- Clarified local vs. cloud features and authentication requirements for all commands.
Published by @byteroverinc on ClawHub