aicoo

SUSPICIOUS: The skill appears to target the official Aicoo service and its data flows are mostly coherent with that purpose, so there is no strong evidence of malware or credential theft. However, it has a broad operational footprint and enables autonomous messaging, posting, transcript access, and recurring actions with meaningful privacy and real-world action risk.

This module is primarily a hook configuration that delegates behavior to two local shell scripts executed via relative paths on specific runtime events. The fragment itself provides no direct evidence of malware, but it establishes a sensitive arbitrary-command execution pathway contingent on the integrity of the referenced .sh files. Inspect and verify the provenance/integrity of both scripts and assess what they do with filesystem/network/process privileges.