autonomous-loops

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.80). This is a direct raw GitHub URL to an install.sh shell script that the skill suggests piping to bash (curl | bash); hosting on raw.githubusercontent.com and a known username reduces but does not eliminate risk — executing a remote .sh without inspecting it is inherently dangerous and can distribute malware.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill includes an installation command that fetches and executes remote code at runtime via curl -fsSL https://raw.githubusercontent.com/AnandChowdhary/continuous-claude/HEAD/install.sh | bash, which runs external code the skill relies on to install/run the Continuous Claude tool.