teneo-agents
Audited by Socket on Apr 16, 2026
14 alerts found:
Anomaly x8, Security x6
SUSPICIOUS. The skill's stated purpose matches a crypto analytics agent, but it relies on a separate Teneo CLI skill and opaque remote execution with limited endpoint transparency. The main concerns are transitive skill trust, bundled CLI dependence, and potential paid real-world actions rather than confirmed malware.
SUSPICIOUS: The skill’s stated purpose matches its Instagram scraping commands, and same-org evidence suggests Teneo is a real publisher. However, this skill’s core execution path depends on a separate CLI skill and a local binary whose install details, pinning, and network endpoints are not fully disclosed here, creating medium supply-chain and transitive-trust risk rather than clear malicious behavior.
SUSPICIOUS: The skill's stated Google Maps purpose broadly matches its commands, but its actual functionality is entirely mediated by a separate Teneo CLI skill and network agent, creating transitive trust and opaque data flows. This is not confirmed malware, but it is a medium-risk skill because execution, provenance, and backend handling are delegated outside the reviewed file.
SUSPICIOUS: The skill's stated function—crypto market data lookup—is plausible, but its real execution path is an indirect, transitive dependency on the separate Teneo CLI skill and backend rather than a direct CoinMarketCap API integration. That makes install trust and data flow integrity only partially verifiable from this skill alone. No clear credential theft or overtly malicious behavior appears in the provided text, but the external-skill dependency and mediated network path make the footprint riskier than a simple documentation wrapper.
SUSPICIOUS. The stated purpose mostly matches the capability, but the skill is primarily a thin wrapper around an external Teneo CLI provided by another skill, creating transitive trust and opaque network routing. No direct credential theft or explicit malicious behavior is present in this file, but the dependency on an unreviewed companion skill and indirect data path make it medium risk.
SUSPICIOUS: the stated purpose matches a crypto liquidation watcher, but the skill’s main function is to hand execution to a separate bundled Teneo CLI and another skill, leaving installer trust and runtime data flows under-specified. No direct credential harvesting is shown here, but the transitive-skill dependency and opaque local executable make the overall risk medium.
SUSPICIOUS. The skill's TikTok-query purpose broadly matches its commands, but its real execution depends on a separate Teneo CLI skill and routes data through the Teneo network rather than directly to TikTok. That transitive trust and indirect data flow are the main concerns; without the referenced CLI/install details, risk remains medium rather than benign.
SUSPICIOUS: The skill's Amazon-scraping purpose mostly matches its documented commands, but its real function is delegated to a separate Teneo CLI/skill and opaque network service. The main concerns are transitive trust, shell execution of an external CLI, and indirect data flow through Teneo rather than clearly documented official Amazon endpoints. No direct credential harvesting or confirmed malicious behavior is shown in this skill alone.
Suspicious. The skill's stated purpose matches a Teneo agent wrapper, but it offloads core execution to another skill and an external CLI, creating a transitive trust and opaque data-flow risk. It also touches paid prediction-market behavior, which is higher risk than a simple documentation or utility skill.
SUSPICIOUS: The stated purpose matches a Teneo network agent wrapper, but the skill’s actual trust boundary is incomplete because it relies on an external/local CLI and a separate `teneo-cli` skill for installation. There is some same-org legitimacy for Teneo domains and GitHub resources, but the exact bundled CLI artifact used by this skill is not verifiable here, so supply-chain risk is the main concern rather than confirmed malicious behavior.
SUSPICIOUS. The skill’s stated purpose broadly matches agent discovery and invocation, but its actual footprint depends on an opaque bundled CLI and includes high-risk real-world crypto actions plus broad remote data handling. With no verifiable provenance for the core executable and no clear downstream endpoint disclosure, the skill is too trust-heavy for its scope.
SUSPICIOUS: the skill's crypto-bridge purpose matches its capabilities, but it routes high-impact financial actions through a Teneo intermediary and a transitive CLI install chain rather than a direct official LayerZero path. Same-org provenance keeps this from looking malicious, but autonomous transaction potential and intermediary data flow make the overall security risk high.
SUSPICIOUS: the skill's purpose aligns with crypto prediction-market trading, but it enables autonomous financial actions and relies on a transitive Teneo CLI trust chain that is not fully reviewable here. This is better classified as a high-risk trading skill than confirmed malware.
SUSPICIOUS: the skill’s stated purpose is coherent, but its real functionality depends on an external bundled CLI and a separate `teneo-cli` skill that are not independently verifiable from the provided evidence. This creates a supply-chain and transitive-trust risk disproportionate to a simple YouTube integration, even without direct evidence of credential theft or overtly malicious behavior.