mole-mac-cleaner

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.80). These URLs point to a GitHub repo and a raw install.sh intended to be run via "curl | bash" (raw.githubusercontent.com/tw93/mole/main/install.sh), which is a high-risk pattern from an unverified/unknown author (tw93) despite being on GitHub — run-only scripts and short domains like ara.so can be used to distribute malware unless you audit the script and repo first.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill includes an install instruction that runs remote code: "curl -fsSL https://raw.githubusercontent.com/tw93/mole/main/install.sh | bash", which fetches and executes a script at runtime for installing the required Mole CLI that the skill depends on.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.90). The skill instructs running system-modifying and destructive commands (uninstalling apps, removing swap files, rebuilding launch services, restarting system daemons) and explicitly offers "mo touchid" to configure Touch ID for sudo and curl|bash install steps, all of which require elevated privileges and can alter system state.