parallel-web
Audited by Socket on Mar 3, 2026
1 alert found:
Malware

This skill is coherent with its stated purpose: it centralizes web search, deep research, and URL extraction through the Parallel.ai APIs and enforces saving results to a local sources/ folder. I did not find explicit malicious code, obfuscation, or direct credential-harvesting routines in the provided text. However, there are supply-chain and privacy risks that warrant caution: (1) all queries and extracted content are sent to a third-party API (requires trusting Parallel.ai and any runtime libraries), (2) mandatory persistent saving of all outputs to sources/ increases the risk of unintentionally persisting sensitive data, and (3) install instructions do not pin package versions or provide integrity checks. Overall this appears functionally legitimate but requires operational controls (restricting what is sent to the API, redaction/ACLs for sources/, pinned dependencies, and network allowlisting) to reduce exposure.