zonein

The Zonein skill has a coherent purpose for signal retrieval and agent management, but it introduces notable credential-handling risks: it can read a local credential file as a fallback and transmits an API key to an external API endpoint. While the external communication is expected for the service, the combination of local credential reads and remote API calls elevates risk. Overall, the footprint is suspiciously proportional to its stated purpose, but not inherently malicious; treat as MEDIUM risk with emphasis on credential management hygiene and strict credential scoping. Ensure explicit user consent for any local credential access and consider pinning or integrating with official, auditable credential stores and clear telemetry around when and how credentials are used.