semantic-search

Fail

Audited by Socket on Feb 16, 2026

1 alert found:

Malware (severity: HIGH) in SKILL.md

[Skill Scanner] Installation of third-party script detected

All findings:
  [CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4]
  [HIGH] data_exfiltration: Credential file access detected (DE002) [AITech 8.2.3]

This skill is functionally aligned with its purpose (semantic code search) but poses notable supply-chain/privacy risks: it scans arbitrary project files and sends code snippets to an external LLM (Gemini) using a user-provided API key stored in plaintext under ~/.semantic-indexer. The daemon/watch behavior and broad python execution permission increase the attack surface and potential for accidental or malicious data exfiltration (source code, credentials, PII). I classify this as suspicious for sensitive-data exposure rather than outright malware — review and mitigation (explicit user consent per project, redaction of secrets, secure key storage, least-privilege allowed_tools, and clear documentation of endpoints/retention) are strongly recommended before use in environments containing sensitive code.

LLM verification: No clear malicious code or purposeful exfiltration is present in the provided skill documentation. The skill's capabilities (reading project files, running background indexer daemons, storing embeddings in pgvector, and calling an embedding API using a stored API key) are consistent with its stated purpose. However, there are meaningful security risks: plaintext shared credentials (~/.semantic-indexer/credentials.json), auto-discovery/auto-indexing of projects (risk of indexing sensitive files u

Confidence: 95%
Severity: 90%
Audit Metadata
Analyzed At
Feb 16, 2026, 01:51 AM
Package URL
pkg:socket/skills-sh/amoscicki%2Faromatt%2Fsemantic-search%2F@d6ad4efb6b10bc3dd6de6e119ad8ef6ae3734278