cass

[Skill Scanner] URL pointing to executable file detected All findings: [CRITICAL] command_injection: URL pointing to executable file detected (CI010) [AITech 9.1.4] [CRITICAL] command_injection: URL pointing to executable file detected (CI010) [AITech 9.1.4] [HIGH] data_exfiltration: Credential file access detected (DE002) [AITech 8.2.3] [HIGH] data_exfiltration: Credential file access detected (DE002) [AITech 8.2.3] [HIGH] command_injection: Backtick command substitution detected (CI003) [AITech 9.1.4] [HIGH] data_exfiltration: Credential file access detected (DE002) [AITech 8.2.3] [HIGH] command_injection: Reference to external script with install/setup context (SC005) [HIGH] command_injection: Reference to external script with install/setup context (SC005) The fragment is broadly coherent and functionally plausible for a cross-agent session search tool, but the use of a raw-install script from a remote URL (curl | bash) and the multi-machine/remote install capabilities introduce non-trivial supply-chain and data-flow risks. Recommend replacing raw-install delivery with signed releases, code signing verification, and clearly documented security controls for remote installations and key management. Confidence: moderate. Obfuscated: low. Malware: low. Security risk: moderate-to-high due to delivery and remote-data exposure potential. LLM verification: The skill's stated purpose (index and search local AI agent sessions) is consistent with the capabilities described, but the footprint is broad and sensitive. Key risks: (1) broad local file access that can surface credentials (mentions of ~/.ssh and ~/.config), (2) use of raw GitHub installer scripts without documented verification, and (3) lack of documented secret redaction, allowlists/exclusions, or clear network behavior for aggregation/telemetry. I assess this skill as SUSPICIOUS rather th