ordercli

[Skill Scanner] Backtick command substitution detected The documented behavior of ordercli is consistent with its intended purpose. The primary security concerns are its features that read browser profiles and import Chrome cookies, plus accepting raw bearer tokens via environment variables; these can expose sensitive credentials and expand the attack surface if the implementation does not properly scope and protect extracted artifacts. There is no direct evidence in the provided fragment of obfuscation, exfiltration to attacker-controlled domains, or backdoors, but absence of implementation details (cookie filtering, storage, TLS, telemetry) prevents a definitive low-risk classification. Recommend a focused code audit on cookie/profile reading code paths, credential storage and logging, and review of distribution artifacts (binaries, Homebrew tap) before trusting the tool with sensitive accounts. LLM verification: The documentation describes legitimate CLI features that require high privileges (reading browser profiles and cookie DBs, session import, token usage). Those features materially increase the risk profile if the package binary or distribution is untrusted or compromised. The fragment contains no direct evidence of malware or exfiltration, but because of the sensitive operations described, the package should be treated as potentially high-risk until the implementation, distribution source, and ne