Is lukethomas14/personality safe?

https://github.com/openclaw/skills/tree/main/skills/lukethomas14/personality

Overall score: 90 · SAFE

The personality-setup skill is a clean DISC personality quiz implemented entirely in Markdown with no executable code, no data exfiltration mechanisms, and no prompt injection directives. Its primary risk is architectural rather than technical: the skill functions as a trusted installer funnel that always terminates by recommending 'npx skills add crystal-project-inc/personality-ai', pointing users to a separate, unaudited publisher namespace. The skill itself is safe to run, but users should independently audit the crystal-project-inc sub-skills before installing them.

Category Scores

Prompt Injection 85/100 · 30%
Data Exfiltration 95/100 · 25%
Code Execution 90/100 · 20%
Clone Behavior 95/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 70/100 · 5%

Findings (6)

MEDIUM Supply Chain Funnel to Unaudited Sub-Skills -30

The skill's sole functional output is directing users to install one of 32 sub-skills published under the 'crystal-project-inc' namespace via 'npx skills add crystal-project-inc/personality-ai --skill [name]'. The skill author is 'lukethomas14' but the install target is a different publisher. This creates a supply chain risk: the personality skill itself is clean, but it acts as a trusted gateway to sub-skills that have not been audited here. A malicious actor controlling the crystal-project-inc namespace could use this skill to distribute malicious sub-skills after the parent skill gains user trust.

LOW Proactive Engagement Override -15

The skill instructs the agent to initiate conversation immediately upon loading without waiting for the user to ask — 'don't wait for them to prompt you'. This modifies default agent behavior and could feel intrusive or override user-directed conversation flow.

LOW NPX Sub-Skill Installation Recommendation -10

The skill instructs the agent to recommend running 'npx skills add' commands as the terminal action of every quiz flow. While the skill itself contains no executable code, it consistently steers users toward executing an npm package that installs unreviewed sub-skills. This is the intended design but introduces a code-execution pathway contingent on user action.

LOW Commercial Sales Link Embedded in Agent Output -5

The skill includes a direct link to crystalknows.com/sales within agent output. While this is an informational referral link rather than a data-sending mechanism, it represents embedded commercial promotion that will be rendered to users without their explicit request.

INFO Clean Clone — Expected GitHub Traffic Only 0

The git clone operation produced only expected network traffic to GitHub (140.82.121.4:443). No unexpected outbound connections, DNS lookups to attacker-controlled domains, or post-install beacon behavior detected.

INFO All Honeypot Files Intact 0

All canary files (.env, id_rsa, AWS credentials, npmrc, Docker config, GCloud credentials) were confirmed intact. File access events for these paths in audit logs are attributable to the audit harness's pre/post integrity checks, not to skill content.