zergscholar
Warn
Audited by Socket on Jul 5, 2026
1 alert found:
AnomalyAnomalySKILL.md
LOWAnomalyLOW
SKILL.md
The skill's behavior is largely consistent with its stated sync purpose: it reads local notes/PDFs, writes linked metadata, and sends content to the named ZergScholar service. The main concerns are moderate trust and privacy risks from storing a write-scoped token locally, using a platform-hosted fly.dev endpoint, and lacking verifiable provenance for the referenced local bridge script. Overall this looks coherent rather than overtly malicious, but it should be treated as medium risk and used only if the service and script source are trusted.
Confidence: 82%Severity: 56%
Audit Metadata