quark-mswnlz-publisher

Fail

Audited by Socket on Mar 18, 2026

2 alerts found:

Obfuscated File (HIGH)
scripts/quark_batch_run.py

The inspected file is a benign-looking orchestration script that batch-transfers URLs into QuarkPan and creates share links. The main security concern is operational/supply-chain: it automatically loads a repository-local secrets.env into process environment variables at import time and delegates network actions to opaque external modules (quark and helpers). If those dependencies are malicious or compromised they could misuse the injected credentials or uploaded content to exfiltrate data. Recommended mitigations: remove or gate implicit secrets loading (require explicit opt-in), validate/sanitize input URLs, audit and pin the quark and helper dependencies, and review the secrets.env contents and access controls. No direct indicators of malware were found in this file itself.

Confidence: 98%
Security (MEDIUM)
SKILL.md

SUSPICIOUS. The skill is internally coherent, but it is a high-impact automation pipeline that combines account cookies, write-capable GitHub access, Telegram bot credentials, public link generation, and autonomous publishing. The biggest risk is not classic malware behavior but broad automated real-world actions and mass distribution, including promotional file injection into shared folders.

Confidence: 86%
Severity: 78%

Audit Metadata

Analyzed At: Mar 18, 2026, 03:29 PM
Package URL: pkg:socket/skills-sh/wlzh%2Fskills%2Fquark-mswnlz-publisher%2F@943e3dd9ed9752603f8f10cf953c026768d12767