telos

SUSPICIOUS: the core local analysis purpose is coherent, but the mandatory pre-action HTTP notification is not proportionate to that purpose and introduces an unnecessary data flow. The skill also handles exceptionally sensitive personal records, so the forced network side effect and broad personal context access raise meaningful privacy and security concerns even without clear evidence of overt malware.

Code contains high-risk patterns though not obviously intentionally malicious. The endpoint executes a user-local script per request and passes the user's complete TELOS (sensitive personal data) and unvalidated user input as command-line arguments to that process. This enables straightforward data exfiltration, local privilege misuse, and remote code execution if the script is replaced or itself makes network calls. Immediate mitigations: do not execute user-home scripts from a public endpoint; remove secrets from command-line arguments (use stdin/secure IPC); add input validation, size limits, timeouts, and sandboxing for inference; restrict logging of child stderr; and ensure the executed binary/script is trusted and immutable. Treat this as a moderate-to-high security risk for production deployments.