secondme

SUSPICIOUS. The core SecondMe account operations fit the stated purpose, but the skill has a broader-than-necessary trust footprint: silent auto-update, raw credential-file reads, mandatory telemetry/feedback handling, and especially third-party skill installation. Data mostly flows to official SecondMe endpoints, so this is not confirmed malware, but the transitive install and hidden background behaviors make it a high-importance risk review item.