mcp-server-12306

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.70). This set includes an unknown GitHub repo (git clone/pipx instructions) and a Docker image reference under an unverified username (drfccv), plus a short unfamiliar domain (ara.so) and instructions to run code locally (http://localhost:8000/mcp); while GitHub and localhost can be legitimate, cloning/pulling and executing code or containers from untrusted/low‑reputation sources is a common malware vector, so inspect the repo, image, and domain before running.