agent-messaging

[Skill Scanner] Natural language instruction to download and install from URL detected The documentation fragment describes a legitimate-sounding local signed messaging tool with optional federation. The primary security concerns are: (1) the download-and-execute install pattern (git clone + run install script) which is a high-risk supply-chain vector; and (2) lack of detail about federation/provider behavior allowing potential data exfiltration of messages and attached files. The fragment itself does not contain explicit malicious code or obfuscation, but following the install instructions or registering with untrusted providers could expose the host and data. Recommend verifying installer provenance (pinned commit or signed releases), reviewing install script before execution, and restricting attachment use and federation to trusted providers. LLM verification: The SKILL.md describes a plausible local agent messaging skill with Ed25519-signed messages and local key storage. There is no direct evidence of malicious code in the provided document. However, the install instructions ask users to clone a GitHub repo and execute an installer script without a pinned commit, signature, or checksum — a classic download-and-execute supply-chain pattern. Federation features (external providers, attachment uploads) introduce potential data exfiltration pathways if