waza

SUSPICIOUS: the core purpose is coherent, but the skill’s actual data flow is broader than necessary because it routes arbitrary URLs through third-party proxy services and relies on undisclosed helper commands. This looks more like a risky web-reading utility than malware, with the main concerns being proxy-mediated content exposure, opaque execution steps, and untrusted-content handling.

From the provided fragment, there is no direct evidence of malicious payloads (no explicit exfiltration/backdoor logic shown), but there is a significant supply-chain risk pattern: the README documents downloading and executing a remote shell script via `curl ... | bash` and also downloading remote rule content that is written into local agent configuration. The true malware likelihood cannot be confirmed without auditing the referenced remote script(s), rule files, and the installed skill/package code. Review and integrity-check the fetched assets before use.

No direct indicators of credential theft, data exfiltration, or explicit backdoor logic are present in this installer code itself. However, it creates a meaningful supply-chain security risk by downloading an executable script from an unpinned, unauthenticated public URL and then configuring Claude Code to execute it later via bash. The most important hardening gap is the absence of integrity verification (e.g., pinned commit + checksum/signature) for the downloaded content.

No direct evidence of classic malware behavior (no backdoor/persistence/credential theft/reverse shell) is present in this Bash fragment. However, it has moderate security/supply-chain exposure: it executes an npm tool at runtime via npx --yes (which can download and run third-party code) and it forwards arbitrary user-supplied URLs to external fetching services (privacy/SSRF-like reachability depending on the behavior of those services). It also emits untrusted fetched text directly to stdout, which can be risky for downstream renderers/terminals. In high-trust environments, treat this as needing controls such as dependency pinning/verification and strict URL/proxy governance.