collection-claude-code-source-code

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.80). Both links are untrusted: the GitHub repo is from an unknown user claiming leaked/decompiled source with explicit instructions to clone and run/install code (which can execute arbitrary/malicious actions), and the short ara.so domain is an unverified/ambiguous host — together they present a moderate-to-high risk unless the repository and any downloads are fully audited and executed only in a safe sandbox.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The install step clones and installs code from https://github.com/chauncygu/collection-claude-code-source-code.git, which fetches remote code that defines system prompts and tool logic (including shell-executing tools) that will directly control agent prompts and execute code at runtime.