Expert project manager for ADHD engineers managing multiple concurrent projects. Specializes in hyperfocus management, context-switching minimization, and parakeet-style gentle reminders.
Security Analysis
medium confidenceThe skill's guidance expects integrations (Slack, calendar, GitHub/webhooks, schedulers) and active monitoring, but the package requests no credentials or installs — plus the SKILL.md contains prompt-injection indicators; these inconsistencies merit caution.
The skill describes active integrations (Slack DMs, calendar API, GitHub webhooks, scheduling) and runtime behaviors (monitoring commits/DND, sending reminders). Yet the registry metadata declares no required env vars, no config paths, and no install steps. Realistically those capabilities need API tokens/URLs and webhook setup; the absence of any declared credentials or integration configuration is an incoherence.
SKILL.md and reference files contain explicit instructions to call functions like send_slack_dm, schedule_task, schedule_followup_checkin, prompt_user and to read calendar/events/commit activity. Those are actionable runtime operations that go beyond passive advice — they require network access and credentials. The instructions do not declare how those functions will be provided nor constrain what data may be read or sent.
There is no install spec and no code files executed by the platform; this lowers file-system/write risk. The included reference files contain example code snippets, but nothing in the package automatically downloads or installs external code.
The skill clearly expects access to external services (Slack, calendar, GitHub, optional time-tracking), yet requires.env is empty and no primaryEnv is declared. If the skill were to be granted tokens later, it should request minimal, narrowly-scoped credentials (e.g., a Slack bot token limited to sending DMs). As-is, the spec gives no justification for how credentials would be supplied or limited.
always:false (normal). The skill allows autonomous model invocation (default). Autonomous invocation combined with networked integrations would increase blast radius, but autonomy alone is expected for skills. If you grant service credentials, consider the implications of enabling autonomous runs that can send messages or schedule actions without per-invocation approval.
Guidance
This skill reads like a design + implementation guide for an automated reminder/monitoring system, but the package declares no credentials or install steps — that's a mismatch. Before installing or enabling it: - Ask the publisher for the source repository and a security/privacy description (what APIs it will call, exactly which tokens are required, and why). - Do not provide broad tokens (full workspace/admin). If you must supply credentials, use least-privilege service accounts (Slack bot scoped only to sending DMs, calendar read-only where possible). - Inspect SKILL.md for hidden unicode/control characters (the scan found them); view the raw file to ensure there are no obfuscated instructions. - Confirm how 'send_slack_dm', 'schedule_task', webhooks, and 'prompt_user' are implemented in your environment — these are referenced but not provided. - If you plan to let the skill run autonomously, test it in a sandboxed account/workspace first and audit outgoing messages and scheduled actions. If the owner cannot explain the missing integration configuration or provide a canonical source repo, treat the skill as untrusted and do not grant credentials or enable autonomous invocation.
Latest Release
v1.0.0
Project Management Guru for ADHD Engineers – Initial Release - Provides ADHD-optimized project management guidance, focusing on managing multiple concurrent projects and minimizing context-switching. - Introduces hyperfocus management protocols, including rules for interruption, recovery, and self-care reminders. - Implements "parakeet-style" gentle reminders with escalating urgency for deadline awareness. - Outlines best practices for task chunking, promoting micro-tasks and dopamine-driven progress feedback. - Highlights key anti-patterns to avoid, such as shame-based accountability and meeting sprawl. - Emphasizes flexible, supportive workflows tailored for neurodivergent engineers.
More by @mikecourt
Published by @mikecourt on ClawHub
