cookiy
Audited by Socket on Mar 30, 2026
6 alerts found:
Anomaly x6
The script itself is not overtly malicious: it merely automates running an npm package via npx. However, it performs a high-risk supply-chain action by automatically downloading and executing remote code (npx -y) without version pinning or integrity checks. --dry-run may reduce but does not eliminate risk because package behavior is unknown. Recommended actions: do not run this script on sensitive hosts without verifying the package source; prefer pinning to a specific known-good version, verify package integrity or vendor, run inside isolated CI containers or ephemeral VMs with limited network and filesystem access, and inspect the cookiy-mcp package source before executing. Overall risk: moderate and driven by the external package, not by the script.
SUSPICIOUS. The skill is broadly aligned with its stated Cookiy integration purpose and routes data to a matching Cookiy domain, but it grants the agent autonomous install/repair behavior, handles OAuth material, and can trigger billing/recruitment actions. Main risk is trusted execution of an external npm CLI with limited provenance evidence in the provided text, not clear malicious data exfiltration.
This module behaves like a legitimate, user-driven bootstrap/removal orchestrator: it parses input, resolves/validates a user-provided server URL (including an outbound reachability check), detects installed local coding clients, then delegates all privileged/side-effecting work (config edits and local skill install/remove) to imported modules using locally discovered paths. In the code shown, there are no direct malicious indicators (no obfuscated execution, no credential handling, no direct exfiltration/persistence). The overall security risk is moderate mainly because the tool accepts arbitrary URLs and passes user-controlled parameters plus local filesystem paths into downstream installer/remover implementations, which are not visible here and must be audited to exclude unsafe file/network behavior.