s800-vehicle-network-security-testing

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.80). The GitHub link points to an unfamiliar/low‑reputation user hosting a powerful vehicle‑attack framework that requires running code (including setup/install steps and privileged network access), and the short ara.so domain is an unverified site reference—together these are suspicious and could be used to distribute malicious or harmful tooling.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The installation steps explicitly run "git clone https://github.com/zhu-zhu666/S800-Vehicle-Network-Security-Testing-Framework.git" followed by pip/install (including setup.py), which fetches remote code at install/runtime and executes it, so the GitHub repo URL is a runtime external dependency that can execute remote code.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill explicitly instructs running multiple sudo commands and system-altering operations (modprobe, ip link setup, sudo python3 setup.py install, sudo usermod to add groups, sudo setcap) that modify kernel modules, network interfaces, capabilities, and user/group state requiring elevated privileges.