Campaign

Name/description align with the included script and SKILL.md: the tool manages simple campaign items, status, history, and exports. It only operates on local files under XDG_DATA_HOME or ~/.local/share/campaign. Minor provenance note: the registry metadata lists no homepage/source and SKILL.md header (v1.0.0) differs from registry version (1.0.2), which is a bookkeeping inconsistency but not a functional mismatch.

SKILL.md and the script stick to the declared purpose. The runtime instructions and script only read/write files in the tool's data dir (items.txt, history.log) and produce exports; there are no commands that read unrelated system files, network endpoints, or secrets. The script appends to files in the user's data directory (expected behavior).

No install spec or external downloads are present; the skill is instruction-only with an included bash script. The script is plain text, contains no obfuscated code, and does not fetch or execute remote code, so installation risk is low.

The skill declares no required env vars or credentials (appropriate). The script uses standard environment variables XDG_DATA_HOME and HOME to locate its data directory and invokes python3 when exporting JSON. python3 is not listed among required binaries — the tool will silently fall back to emitting an empty list if python3 is not present. No sensitive credentials are requested or used.

always is false and the skill does not request persistent/system-wide privileges. It only writes files to the user's data directory and does not modify other skills, system configuration, or request elevated access.