anysearch

SUSPICIOUS. The core search capability matches the stated purpose, and there is no local installer or obvious malware behavior, but the skill has a significant credential-handling flaw: it instructs the agent to persist API keys in plaintext by editing SKILL.md. The service endpoint is first-party to the claimed provider rather than a third-party proxy, yet official documentation for the API and auto-registration flow could not be independently confirmed. Main risk is credential exposure and untrusted-content ingestion, not confirmed malicious intent.