self-improver

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.70). This is a Git clone URL for a GitHub repo owned by an individual (mary4data) rather than a well-known vendor; it is not a direct executable download but cloning and running code or install scripts from an unvetted personal repo can deliver malware, so it should be treated as moderately-to-high risk until reviewed.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly pulls and reads SKILL.md files from an external GitHub repo (see the git clone/git pull commands in "Step 3" and "/skills update") and then parses and acts on those SKILL.md contents under /data/workspace/clawbee/skills/, which exposes the agent to untrusted, user-generated third-party content that can influence its actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly runs git clone https://github.com/mary4data/ClawBee.git at runtime to populate /data/workspace/clawbee so that SKILL.md files from that repo are read and used as agent instructions, meaning fetched remote content can directly control the agent's behavior.