acommons
Audited by Socket on Feb 23, 2026
2 alerts found:
Malware Security

[Skill Scanner] Instruction to copy/paste content into terminal detected

All findings:
[CRITICAL] command_injection: Instruction to copy/paste content into terminal detected (CI012) [AITech 9.1.4]
[HIGH] command_injection: Backtick command substitution detected (CI003) [AITech 9.1.4]
[HIGH] supply_chain: URL with free hosting platform or high-abuse TLD detected (SC007) [AITech 9.1.4]
[HIGH] data_exfiltration: Credential file access detected (DE002) [AITech 8.2.3]
[HIGH] data_exfiltration: Credential file access detected (DE002) [AITech 8.2.3]
[HIGH] data_exfiltration: Credential file access detected (DE002) [AITech 8.2.3]

The skill presents a coherent, purpose-aligned set of capabilities for local AI usage analytics with optional cloud synchronization. Data reads are local and scoped to analytics sources; network activity is limited to device authorization flows for linking to a cloud API, which is a standard supply-chain concern but not inherently malicious. The data flows and credential handling justify cautious review of storage security, access controls, and TLS validation for external endpoints. Overall risk is moderate with no detected malware in the fragment.

LLM verification: The skill is plausibly aligned with its stated purpose but contains non-trivial security considerations around credential handling and external network interactions. It should be treated as SUSPICIOUS-to-MEDIUM risk due to credential exposure potential and external network activity, but not malicious based on the provided content. Hardening recommendations include: use of a secrets vault or restricted file permissions, restricted network egress with TLS pinning, least-privilege execution of scri
This script is an installer that establishes persistence and integration points to execute two Node scripts regularly and/or via a third-party application's hooks. The installer itself does not show direct exfiltration or obfuscated malicious code, but it performs actions often used by malware/backdoors: copying executable scripts into a hidden directory, injecting a command into another application's settings.json to cause that app to execute a local script, and creating cross-platform scheduled tasks to run a collector script hourly in the background. Because the actual payloads (hook.mjs and collect.mjs) are copied and will be executed with user privileges by the scheduler or application hook, this installer should be treated as potentially dangerous until those scripts are audited. Recommended action: review hook.mjs and collect.mjs before running this installer; do not allow it to modify other apps' configs or install schedulers unless you trust the source.