claude-code-rust

Fail

Audited by Snyk on May 17, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E005: Suspicious download URL detected in skill instructions.

  • Suspicious download URL detected (high risk: 0.90). These URLs point to an untrusted/unknown GitHub account offering prebuilt executables via a direct Releases download (and an independent ara.so domain) — distributing unsigned binaries from an unvetted user is a high-risk pattern for malware delivery.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).


MEDIUM W013: Attempt to modify system services in skill instructions.

  • Attempt to modify system services in skill instructions detected (high risk: 0.80). The prompt includes explicit installation commands that copy binaries into system locations with sudo (e.g., sudo cp /usr/local/bin, install scripts that modify Program Files or /usr/local/bin, CI steps writing to /usr/local/bin), which instructs changing system-wide files and thus pushes actions that can modify the machine state and require elevated privileges.

Issues (3)

  • E005 (CRITICAL): Suspicious download URL detected in skill instructions.
  • W012 (MEDIUM): Unverifiable external dependency detected (runtime URL that controls agent).
  • W013 (MEDIUM): Attempt to modify system services in skill instructions.

Audit Metadata

  • Risk Level: CRITICAL
  • Analyzed: May 17, 2026, 10:56 AM
  • Issues: 3