spanner-data

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 0.90). The scripts are not overtly malicious themselves but they dynamically fetch and execute an external npm package via npx and pass the full process environment (plus optionally a local .env) to that remote code, creating a high-risk supply-chain / remote-code-execution vector that can easily enable credential theft or data exfiltration.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The scripts invoke npx to fetch and execute the package "@toolbox-sdk/server@1.1.0" at runtime (npx will download and run code from the npm registry, e.g. https://registry.npmjs.org/@toolbox-sdk/server), so remote code is fetched and executed and is required for the skill to run.