mac-cleaner-cli-disk-cleanup

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The README includes explicit commands that fetch and execute remote code (e.g., "git clone https://github.com/guhcostan/mac-cleaner-cli.git" followed by "bun run dev") — so the GitHub repository (and the npm package at https://www.npmjs.com/package/mac-cleaner-cli) are runtime external dependencies that would execute remote code.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.90). The skill explicitly instructs destructive system-modifying commands (deleting caches, uninstalling apps, cleaning system logs, Docker pruning, etc.) and even recommends running an elevated sudo command for DNS maintenance, so it pushes the agent to change system state and request privileged access.