iot-firmware

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). This skill uses npx to fetch and execute the npm package @claude-flow/plugin-iot-cognitum at runtime (e.g., from https://registry.npmjs.org/@claude-flow/plugin-iot-cognitum), so remote code is fetched and executed and the skill depends on it.