zapier-workflows

[Skill Scanner] Instruction to copy/paste content into terminal detected Functionally, this skill does what it claims: it documents Zapier webhooks and MCP tools, triggers webhooks via curl, and persists learning by editing local reference files. The main security concerns are not hidden malicious behaviors in the code fragment, but design choices that increase credential exposure and allow an agent with Edit and Bash permissions to persist and execute network actions. Those capabilities are coherent with the stated purpose, but they carry real supply-chain and operational risks: plaintext storage of webhook URLs (auth tokens), potential accidental commit of secrets, and the ability to POST arbitrary payloads to arbitrary endpoints. Mitigations (encrypting stored tokens, strict file-path whitelisting, domain whitelists for webhooks, explicit confirmation before outgoing network calls, and clear least-privilege guidance) are advisable. I assess this skill as suspicious rather than directly malicious: it contains powerful features that are appropriate to the purpose but are high-risk if misconfigured or abused. LLM verification: No direct evidence of malicious code in this file — the content documents an integration that legitimately needs to persist and call Zapier endpoints. However, the design choices present moderate to significant operational security risks: plaintext storage of webhook URLs/tokens, global install recommendation increasing blast radius, and an automated self-editing capability that could be abused. Treat the package as usable only with strong operational controls: store secrets outside the skill (u