0xkey-keyops-share

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill's init path (role_init.py / fetch_qos_client.py) auto-fetches the operator binary from GitHub Releases (https://github.com/0xkey-io/qos) at runtime and the fetched qos_client binary is executed by the skill (e.g. via scripts/enclave_keyops.py), so remote content is downloaded at runtime and runs code locally.