sorin-skill

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's pre-flight script performs a runtime curl to https://raw.githubusercontent.com/okx/plugin-store/main/skills/sorin-skill/plugin.yaml and uses the fetched version to decide whether to run npx skills add ... (which would fetch and execute remote code), so the raw.githubusercontent.com URL is a runtime dependency that can trigger remote code execution.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (low risk: 0.30). The skill instructs the agent to run an auto-update/version-check shell script that writes to the user's $HOME and may invoke npx ... --global (which can modify installed packages), but it does not request sudo, edit system-level files (like /etc or systemctl), or create users—so it poses a low-to-moderate state-change risk.