Edithai

The EdithAI skill installs a global NPM package (@xin9min9/edithai-cli) and grants an AI agent broad system permissions, including file read/write access, process monitoring, and network analysis. While its stated purpose is log analysis via the DeepSeek API, the tool provides high-risk capabilities that could be used for data discovery and exfiltration. The documentation (SKILL.md, CAPABILITIES.md) describes a wide array of diagnostic tools and terminal execution features that, while including some whitelisting mitigations, represent a significant attack surface without a verified source repository (currently using a placeholder GitHub URL).