auth-provider

[Skill Scanner] Installation of third-party script detected The manifest and documentation describe a credential-management skill whose requested capabilities and required secrets are consistent with its stated purpose. There are no overt malicious indicators in this fragment (no third-party exfiltration, no obfuscated code, no hardcoded secrets). Primary risks are operational/security: secure implementation of AES-256 (KDF, IV/AEAD), handling/rotation/persistence of the encryption key (AUTH_PROVIDER_KEY auto-generation can cause credential loss), and the predictable DB location. Recommend code review of the implementation (dist/cli.js and crypto/storage code) to confirm correct encryption, no unexpected network endpoints, and minimal requested OAuth scopes. Overall this fragment appears non-malicious but moderately risky due to the sensitive nature of its functionality and missing implementation details. LLM verification: The skill's documented purpose and capabilities are consistent: it legitimately needs client IDs/secrets, API keys, local storage, and network calls to provider endpoints. There are no explicit signs of malicious behavior in the provided documentation. Primary risks are operational/security posture: storing high-value credentials in a predictable local file, optional user-provided encryption key without KMS options, and missing explicit verification of network endpoints. I rate this as suspiciou