⚠The team behind this tool is not publicly identified. Treat with extra caution — anonymous authorship is a significant trust risk.

Caveman

Name: Caveman (B-) — Security & Privacy Review
Item: Caveman
Rating: 3.2
Author: Limpid

Prompt Engineering

B-

Overall score: 3.2Reviewed April 15, 2026

Effectively a transparent text file with near-zero security surface, but operated by an anonymous GitHub user with no legal entity, no ToS, and benchmark claims presented without reproducible methodology.

Score Summary

Claim Accuracy3/5

Data & Privacy4/5

Security Posture4/5

Transparency1/5

Key Findings

›Caveman is a plain-text .skill file — not executable code — that instructs Claude Code to respond tersely; it introduces no new system permissions, no network calls, and no data collection of its own (source: https://github.com/JuliusBrussee/caveman).
›The tool is operated solely under the GitHub handle 'JuliusBrussee' with no real name, no legal entity, no security contact, and no way to seek recourse if the repository is compromised or abandoned (source: https://github.com/JuliusBrussee/caveman).
›No Terms of Service or Privacy Policy exists — appropriate for a local skill file with no backend, but there are no documented commitments of any kind (source: https://github.com/JuliusBrussee/caveman).
›Performance claims of '75% token reduction', '100% technical accuracy', and '~3x speed increase' are presented in the README without reproducible benchmarks, methodology, or test conditions (source: https://github.com/JuliusBrussee/caveman/blob/main/README.md).
›The install command `claude install-skill JuliusBrussee/caveman` fetches directly from a single individual's GitHub account — if that account is compromised, a malicious skill update could be pushed silently (source: https://github.com/JuliusBrussee/caveman/blob/main/README.md).