nextdns-cli

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill repeatedly instructs runtime execution of a remote installer fetched and executed via curl (e.g., sh -c 'sh -c "$(curl -sL https://nextdns.io/install)"'), which downloads and runs remote code from https://nextdns.io/install, so this is a required runtime dependency that executes remote code.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.90). The skill explicitly covers installing the NextDNS CLI, managing the daemon (start/stop/systemd integration), and changing system DNS/service configuration files—actions that modify system state and typically require sudo or privileged access.