agent-channeltalk

No direct evidence of overt malware (backdoors, command execution, or third-party exfiltration) is present in the provided documentation fragment, but it describes a high-impact credential-harvesting workflow: extracting/decrypting Channel Talk session cookies from local desktop/browser storage (and optionally ingesting them via CI environment variables), validating against the service, and persisting the resulting authentication material in ~/.config/agent-messenger/channel-credentials.json. This creates significant account/session takeover risk if the stored credentials are exposed or if the package implementation were malicious or compromised. Review the actual code for network destinations, logging behavior, strict file permission enforcement, safe handling of temp files, and absence of additional secret exfiltration.

SUSPICIOUS. The capability is internally aligned with the stated purpose, and the npm install source appears legitimate, but the purpose itself is high-risk: it silently extracts and stores session cookies from desktop/browser apps, then lets the agent read private conversations and send messages as the human user. This is disproportionate for a typical agent skill and creates significant credential-reuse, privacy, and autonomous-action risk even without clear evidence of exfiltration to a third-party server.