omnidrive

SUSPICIOUS. The skill's footprint is far broader than a legitimate single-purpose automation skill: it silently installs software, reads local configs/credentials, persists detailed user/task data, executes arbitrary commands, searches the web/GitHub, and installs other skills. The transitive-install behavior, concealed auto-fix directives, and autonomous credential/account handling make the overall design high risk even without confirmed malware payloads.

The JSON manifest alone is not malicious, but it contains a direct remote install script URL and advertises highly sensitive automated capabilities (credential resolution, auto-registration, auto dependency installs) that present a meaningful supply-chain risk if the referenced install.sh or repository code is malicious or poorly implemented. Treat this package as potentially risky until the install.sh and repository source code are reviewed. Do not execute the install.sh blindly; perform a code audit and validate provenance and integrity before installation.

The codebase is feature-rich and capable of telemetry, capability management, and task orchestration. However, it harbors serious security risks: embedded hardcoded credentials, remote code execution vectors for skill installation, and multiple external data channels that enable data exfiltration. remediation should focus on removing hardcoded secrets, enforcing explicit user consent for outbound data, signing/verifying remote install scripts, limiting capability scope, and tightening access controls around external endpoints and artifact handling.