rfc-lookup

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill invokes npx to fetch and run the remote npm package @mjpitz/mcp-rfc at runtime (see: python3 $MCP_CALL "npx -y @mjpitz/mcp-rfc" ...), which downloads and executes remote code from the npm registry (https://www.npmjs.com/package/@mjpitz/mcp-rfc) and is required for the skill to operate.