zero-chat
Audited by Socket on Apr 22, 2026
2 alerts found:
Anomaly (Security): This code is not overtly malware (it only calls curl), but it is a high-impact credential-handling wrapper: it unconditionally attaches a bearer token from an environment variable to requests whose destination and behavior are fully determined by caller-provided arguments. In a supply-chain context, this can become a token exfiltration or SSRF/enabled-auth-fetch primitive if the caller or inputs are attacker-influenced or compromised.
SUSPICIOUS: The skill’s API actions match its stated chat purpose and the destination is the expected VM0 API, but it relies on an undocumented `zero-curl` wrapper that automatically handles authentication. Because that CLI’s provenance and release path were not verified, this creates a high supply-chain and credential-forwarding risk disproportionate to a simple API guide.