Self-improvement through conversation analysis. Extracts learnings from corrections and success patterns, proposes updates to agent files or creates new skil...
Security Analysis
Medium confidence. The skill's files and runtime instructions largely match a 'reflection' capability, but it has several high-impact behaviors (editing global agent files, committing changes, installing hooks, and shipping conversation logs) that merit careful review before installing.
Name/description match the included scripts and docs: detecting signals, proposing edits, creating new skills, and updating agent files. However, the skill declares no env/credentials while expecting to read and modify ~/.claude agents, create files under ~/.claude/.skills and run git — a high-privilege scope that is functionally justified by the purpose but broader than many users may expect.
SKILL.md and scripts explicitly instruct reading transcripts, scanning logs, writing learnings, creating skills under .claude/skills, and running git add/commit via Edit/Bash tools. That behavior is consistent with the stated goal but grants the skill permission to permanently change many user/global agent files and state. The skill also provides hook installation that can trigger auto-reflect on context compaction — potentially altering behavior across sessions.
No external install spec or remote downloads are used; this is an instruction-plus-local-scripts package. Scripts list a Python dependency (pyyaml) but there is no automated installer that fetches arbitrary remote code. This lowers some install risk, though the shipped scripts will execute locally.
The skill requests no environment variables or credentials, which is appropriate. However it expects access to user files and directories (e.g., ~/.claude/, ~/.reflect/, .claude/skills/) and to run shell commands. Those accesses are necessary to implement its purpose but are high-privilege and should be explicitly accepted by the user.
always:false (good), but the skill is designed to make permanent edits to global agent files, create skills, and commit them to git. It also includes optional hooks that can run on PreCompact events and an 'auto-reflect' mode that can be enabled. These capabilities give it long-term, cross-session impact, so enablement and human approval processes should be reviewed before allowing it to run with write/edit privileges.
Guidance
This skill can read session transcripts and permanently edit your agent files (e.g., ~/.claude/agents, .claude/skills) and commit changes. Before installing, do the following:
(1) Inspect the included scripts (signal_detector.py, output_generator.py, state_manager.py, precompact_reflect.py) to confirm they do only what you expect.
(2) Check scripts/logs/chat.json — it appears a conversation log is packaged; ensure it contains no sensitive data.
(3) Back up ~/.claude and any agent files you care about.
(4) Don't enable auto-reflect or install hooks until you trust the code; prefer manual /reflect reviews first.
(5) Run the scripts in a sandbox or with reduced permissions to observe behavior.
(6) If you allow commits, verify it will not push to remote repos or leak data externally.
If you want, I can highlight specific lines in the scripts that implement file writes, git commits, or reading of transcript/log files for a more detailed audit.
Latest Release
v2.1.0
Add Security category to signal detection, fix agent_mappings.md root-level agents, add Memory integration guidance, consistency fixes across reference files
Published by @stevengonsalvez on ClawHub