risingwave

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's MCP setup instructs cloning and installing https://github.com/risingwavelabs/risingwave-mcp.git and configuring the agent to run its /src/main.py, which fetches and executes remote code at runtime, so this external repo is a runtime dependency that executes remote code.