substracker

Benign-to-moderate risk: the skill is purposefully scoped to manage SubsTracker resources via a CLI and legitimate notifier integrations. The main security considerations are secure handling of API credentials and notifier tokens, ensuring logs do not leak secrets, and validating that bun/runtime sources are trusted. The data flows are consistent with the stated purpose; there are no evident malicious data exfiltration patterns. Treat as suspicious only if notifier credentials or environment secrets are logged or transmitted insecurely.