link-to-im
Audited by Socket on Apr 17, 2026
3 alerts found:
Anomaly x3
SUSPICIOUS: the skill is largely aligned with its stated IM-bridge purpose, but it creates a high-trust remote control surface for the coding agent, stores multiple platform credentials locally, and relies on local helper binaries with limited provenance evidence here. This looks more like a legitimate but medium-risk bridge/ops skill than outright malware.
No clear indicators of malicious payload behavior are present in this fragment; it functions as a standard launchd supervisor for a Node.js daemon. However, it significantly increases credential exposure by embedding API keys/provider secrets into a generated LaunchAgents plist on disk and by logging to configurable file paths. Additionally, it constructs plist XML via unescaped interpolation, which can cause malformed configuration if values contain XML-sensitive characters. Overall: likely legitimate process management with medium security risk driven by secret handling and plist/XML hygiene.
No explicit signs of data exfiltration or classic malware (no network calls, credential theft, persistence, or obfuscated payload execution) are present in this fragment. The main supply-chain/security concern is behavioral: it globally monkey-patches child_process on Windows and can redirect execution based on filesystem-based parsing of .cmd/.bat files and existence checks for derived scripts. If untrusted inputs or batch files can be influenced, this could enable execution of unintended local scripts, making the module security-sensitive and requiring review/validation of its necessity and input trust boundaries.