service
Audited by Socket on Feb 17, 2026
1 alert found:
Security [Skill Scanner] Download or install from free hosting/deployment platform detected

All findings:
[HIGH] supply_chain: Download or install from free hosting/deployment platform detected (SC007) [AITech 9.1.4]
[HIGH] supply_chain: Download or install from free hosting/deployment platform detected (SC007) [AITech 9.1.4]
[HIGH] supply_chain: Download or install from free hosting/deployment platform detected (SC007) [AITech 9.1.4]

BENIGN: The skill documentation and examples are internally consistent with the stated purpose of managing Railway services. It references the Railway CLI and GraphQL API via a local wrapper script and uses an expected icon service. No hardcoded secrets, obfuscated code, suspicious external endpoints, or disproportionate credential requests are present in the provided fragment. The primary operational risk is the usual privilege risk of running Railway CLI/API operations with user credentials — expected and documented. No indicators of supply-chain or exfiltration behavior were found.

LLM verification: This SKILL.md is coherent and aligned with its stated purpose. The operations described (parsing railway CLI JSON, assembling GraphQL mutations, setting service configuration) are appropriate for a service management skill. There are no direct signs of malicious behavior in this file. The only notable risk is the use of external icon/image URLs (including devicons.railway.app) which will cause requests to third-party hosts and could leak metadata; this is a privacy/logging consideration rather t