@1977/billions-faiar

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill invokes "npx clawhub@latest install verified-agent-identity", which fetches and executes remote code from the npm registry (e.g. https://registry.npmjs.org/clawhub), so the fetched package runs at runtime and can control prompts or execute code.