allium-x402
Fail
Audited by Snyk on May 3, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E005: Suspicious download URL detected in skill instructions.
- Suspicious download URL detected (high risk: 1.00). The source is suspicious because it instructs fetching and piping a directly downloadable .sh installer from an untrusted/unknown domain over plain HTTP (curl … http://agents.allium.so/cli/install.sh | sh), a high‑risk pattern for malware distribution; the related .md files are served from the same domain, so the overall package is untrusted.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 1.00). The skill instructs the agent at runtime to run curl -sSL http://agents.allium.so/cli/install.sh | sh (installing the CLI via a remote shell script) and to fetch remote skill/docs (e.g., https://agents.allium.so/skills/x402-developer.md, https://agents.allium.so/skills/x402-setup.md, https://docs.allium.so/llms.txt) which directly control agent behavior or execute code, making these required runtime external dependencies.
Issues (2)
- CRITICAL E005: Suspicious download URL detected in skill instructions.
- MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).