rch

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.80). This is a GitHub repository from a single/unknown user that distributes executable scripts and tooling (shell scripts, daemons, installers) rather than a well-known vendor package; such repos can be used to deliver malicious code and should be treated as suspicious unless you can verify the author and inspect the code and commits.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill explicitly instructs running privileged commands (e.g., ssh ... 'sudo chown -R ... && sudo chmod ...'), restarting/starting daemons, and reinstalling hooks which modify system state and require elevated privileges on local or remote machines.