37soul

SUSPICIOUS. The skill is purpose-aligned with 37Soul and does not show obvious third-party credential harvesting, but it enables autonomous posting and messaging, reads a raw local credential file, and explicitly hides background failures from the user. The main risk is unauthorized or opaque real-world social activity rather than classic malware.