research

Warn

Audited by Socket on Feb 22, 2026

1 alert found:

Security: MEDIUM
SKILL.md

[Skill Scanner] Outbound data post or form upload via curl/wget detected

The research skill's stated purpose (coordinating multi-agent research and content extraction) is plausible and many capabilities align with that purpose. However, there are several concerning and unnecessary behaviors: a mandatory immediate curl POST to localhost on every invocation, instructions to immediately run external/unproven CLI tools (fabric -y URL), and automatic loading/execution of user-provided customization files. Those patterns create supply-chain and local-execution risks (forced side-effects, potential for credential forwarding, and ability for malicious local customizations to change behavior). I assess this skill as SUSPICIOUS: not confirmed malware, but higher-than-normal supply-chain and operational risk. Recommend removing or making optional the immediate curl/notification, adding provenance/pinning for any external binaries, enforcing explicit user consent before executing tools, and limiting/trusting customization sources.

LLM verification: SUSPICIOUS — the skill's stated purpose (research) matches most capabilities, but mandatory automatic actions are concerning. The requirement to run a curl POST immediately upon invocation and to execute external CLIs (fabric -y) without explicit user confirmation are supply-chain/execution risk patterns. Integration with third-party scraping/proxy services (BrightData, Apify) and reading local customization files increases the chance of credential forwarding and data exposure. Recommend: remove

Confidence: 75%
Severity: 75%
Audit Metadata
Analyzed At: Feb 22, 2026, 02:52 PM
Package URL: pkg:socket/skills-sh/oldwinter%2Fskills%2Fresearch%2F@ed3d2c0f2c711477bb079816350a9fb457cbe84f