cookiy

SUSPICIOUS: the skill's purpose broadly matches its capabilities, but it expands the agent with externally installed MCP tooling, OAuth-backed remote control flow, and real-world recruitment/payment actions. The main concerns are supply-chain trust, sensitive data leaving to a hosted service, and server-directed agent behavior rather than obvious malware indicators.

SUSPICIOUS: the skill's purpose broadly matches its capabilities, but it expands the agent with externally installed MCP tooling, OAuth-backed remote control flow, and real-world recruitment/payment actions. The main concerns are supply-chain trust, sensitive data leaving to a hosted service, and server-directed agent behavior rather than obvious malware indicators.