tinker
Diagnoses and repairs autoloop bootstrap failures for registered loops, ensuring they fire correctly and efficiently.
Install this skill
or
80/100
Security score
The tinker skill was audited on Jun 3, 2026 and we found 4 security issues across 2 threat categories. Review the findings below before installing.
Categories Tested
Security Issues
medium line 36
Template literal with variable interpolation in command context
SourceSKILL.md
| 36 | ```bash |
medium line 85
Template literal with variable interpolation in command context
SourceSKILL.md
| 85 | ```bash |
medium line 20
Access to hidden dotfiles in home directory
SourceSKILL.md
| 20 | - The four autoloop hooks may not be in `~/.claude/settings.json` (session-bind never runs, so `owner_session_id` stays at `pending-bind` forever). |
medium line 123
Access to hidden dotfiles in home directory
SourceSKILL.md
| 123 | | F2 keeps reappearing after repair | Another tool is rewriting `~/.claude/settings.json` and stripping autoloop hooks. Inspect the SessionStart / PostToolUse arrays for any wrapper that overwrit |
Scanned on Jun 3, 2026
View Security Dashboard