zeude
Fail
Audited by Snyk on Apr 24, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E005: Suspicious download URL detected in skill instructions.
- Suspicious download URL detected (high risk: 0.80). These URLs include a direct raw install.sh intended for curl|bash and instructions to npx-install GitHub-hosted skills (both allow arbitrary remote code execution if run without inspection); while they point to GitHub (better than unknown file hosts) and a localhost OTLP endpoint (not an external download), executing the remote .sh or fetched skill repos without auditing is a high-risk practice.
CRITICAL E006: Malicious code pattern detected in skill scripts.
- Malicious code pattern detected (high risk: 0.90). Zeude's design (a curl|bash installer, a local shim that intercepts claude CLI and syncs remote skills/MCP/hook configs on each invocation, and OpenTelemetry/hooks that capture and send every prompt/session to central ClickHouse/Supabase) creates clear avenues for centralized remote code deployment, prompt/data exfiltration, and supply‑chain/backdoor abuse.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 1.00). The skill's installer runs a remote script via "curl -fsSL https://raw.githubusercontent.com/zep-us/zeude/main/install.sh | bash -s -- --key <AGENT_KEY>" which fetches and executes remote code and installs a shim that synchronizes remote config/hooks (controlling prompt suggestions and deployed skills) at runtime, creating a direct external control vector.
Issues (3)
- E005 (CRITICAL): Suspicious download URL detected in skill instructions.
- E006 (CRITICAL): Malicious code pattern detected in skill scripts.
- W012 (MEDIUM): Unverifiable external dependency detected (runtime URL that controls agent).