po-once-agent-api

Warn

Audited by Socket on Apr 20, 2026

2 alerts found:

Anomaly, Security: LOW
scripts/po-once.cjs

No clear evidence of intentional malware (no backdoor, obfuscation, or covert local compromise) is present in this module. The dominant risk is a trust-boundary weakness: the tool uploads arbitrary user-selected local files to an uploadUrl returned by the remote API, and sends the API key to whatever baseUrl is supplied by environment or config, with no allowlisting, pinning, or validation of either host. It also stores the API key in plaintext JSON on disk. In a normal deployment with controlled configuration and trusted server responses, this is likely a legitimate CLI client; in a hostile or misconfigured environment (an attacker-controlled baseUrl, or a server that returns an uploadUrl on a host it controls), it can enable exfiltration of local data and of the API key.

Confidence: 66%. Severity: 58%
Security: MEDIUM
SKILL.md

SUSPICIOUS. The skill's capabilities broadly match its stated social-posting purpose, but trust is weakened because the API key is routed through a non-verifiable Po Once endpoint on generic Convex hosting, and the base URL can be overridden to point at another host. This is not confirmed malware, but it carries meaningful credential-forwarding and autonomous-action risk.

Confidence: 85%. Severity: 71%
Audit Metadata
Analyzed At: Apr 20, 2026, 04:56 AM
Package URL: pkg:socket/skills-sh/Stiffjobs%2Fpo-once-agent-skill%2Fpo-once-agent-api%2F@54d61f9e9765f9d8f1c2a0d4798419fdd963538c