convos-agent

The analyzed Convos Agent Skill documentation is internally consistent with its stated purpose. It demonstrates standard install and runtime patterns (npm-based CLI, env production, ndjson streaming) and legitimate integration bridges. No malicious data flows, credential harvesting patterns, or suspicious external endpoints are identified. Overall risk is low to moderate, corresponding to a well-scoped agent management tool rather than a capability with broad or autonomous actions beyond the documented scope.