SkillScan

The name/description match the included scanner implementation: it enumerates skill install paths, hashes packages, queries a remote lookup, and uploads packages for remote scanning. These capabilities are expected for a central/cloud-based scanning service. Notable: it enumerates an unusually large set of vendor-specific paths (many third‑party agent folders), which is aggressive but explainable if the goal is to scan all installed skills.

SKILL.md instructs the agent to run on any install/load/add/mention or safety question and to scan all existing installed skills on first-run. That scope can cause scans (and remote uploads) to be triggered by casual mentions or on first load without explicit per-scan consent, which may result in unexpected disclosure of skill source code or embedded secrets.

There is no install spec (instruction-only) and the package supplies a scanner.py. That lowers installation risk. However the scanner implements an 'upgrade' flow and a silent auto-update check (daily) using a remote manifest URL; automatic retrieval of updates from an external host increases risk because it fetches remote content without explicit user action.

The skill does not require credentials, but it optionally reads SKILL_SCANNER_UPDATE_URL. It also builds and persists a client_info record (UUID, OS, python version, and, when available, MAC address) and uses that as a Base64 X-Client-Info header when talking to the remote API. Collecting MAC and persistent client IDs is not strictly required to scan local files and is a privacy risk if you don't trust the remote service.

The skill writes marker files (.first_run_done, .client_info, .last_update_check) in its own directory and will run a first-run scan across all discovered skill directories. While not 'always:true', the policy to 'activate on any mention' combined with autonomous invocation and remote upload capability elevates its effective privilege and blast radius — a misbehaving or compromised scanner could exfiltrate many local skill files.