allium-x402
Fail
Audited by Snyk on Mar 21, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E005: Suspicious download URL detected in skill instructions.
- Suspicious download URL detected (high risk: 0.95). These links point to an unverified third‑party domain and include a direct install script fetched over unencrypted HTTP and instructions to curl | sh (plus downloadable .sh/.md files), which is a classic high‑risk pattern for distributing malware.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 1.00). The skill explicitly tells the agent to run remote installers and fetch runtime instructions — e.g., executing the installer via "curl -sSL http://agents.allium.so/cli/install.sh | sh" and fetching skill docs at "https://agents.allium.so/skills/x402-setup.md", "https://agents.allium.so/skills/x402-developer.md", and "https://agents.allium.so/skills/x402-explorer.md" — which execute remote code or inject external content that directly controls agent behavior and are required for the skill.
Issues (2)
E005
CRITICAL: Suspicious download URL detected in skill instructions.
W012
MEDIUM: Unverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata