belt

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.80). The domain belt.sh hosts documentation, but the provided install instruction (curl -fsSL https://belt.sh/install | sh) is a high‑risk pattern because it fetches and executes a remote shell script from an unverified source, so while docs pages are low risk, the installer distribution method could be used to deliver malware unless the publisher is independently verified.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The install step runs "curl -fsSL https://belt.sh/install | sh", which fetches and immediately executes remote shell code from https://belt.sh/install as a required installation step for this skill.