Life Radar

The name/description (aggregate reminders from email, calendar, SMS, weather, tasks) matches the SKILL.md instructions. The skill does not request any environment variables, binaries, or install artifacts—which is coherent if the platform supplies connectors for email/calendar/SMS—but the metadata doesn't declare any explicit credentials even though the capability will typically require connector access. This is explainable by platform-managed integrations, but worth noting.

SKILL.md stays on task: it describes what to collect, prioritization rules, output format, and safety (redact secrets). It does not instruct reading unrelated files, or sending data to external endpoints, or performing unexpected system actions. It only references its local modes.md file (present) for role-specific behavior.

No install spec and no code files—lowest risk. The skill is instruction-only, so nothing is written to disk or downloaded at install.

The skill requests no environment variables or credentials in its metadata. Functionally, it needs access to user communications (email/SMS/calendar/tasks/weather) to operate; on many platforms that access is provided via separate connector permissions rather than env vars. This is proportionate if the platform prompts for granular connector access, but would be a concern if the skill attempted to obtain credentials itself (it does not).

No 'always' flag and no install actions. The skill does not request persistent or privileged system presence. Autonomous invocation is allowed (platform default) but that is not combined with other red flags here.