opencli-rs-web-scraper

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.70). These URLs include direct downloads of a Windows binary zip and a raw install.sh hosted on GitHub by an apparently unknown user (nashsu) and the install instructions recommend curl|sh and direct .zip/.exe handling — common vectors for malware distribution even though GitHub hosting and some placeholder/example domains reduce but do not eliminate risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md and AGENT.md explicitly show browser-mode commands (e.g., twitter, reddit, youtube, zhihu) and AI Discovery commands (opencli-rs explore/generate/synthesize) that fetch and ingest public user-generated content and arbitrary website URLs (via the Chrome extension and custom adapters), which the agent is expected to read/interpret and could materially influence subsequent tool use or actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill instructs running npx skills add https://github.com/nashsu/opencli-rs-skill (which fetches and installs a remote skill into the agent runtime) and also provides a curl -fsSL https://raw.githubusercontent.com/nashsu/opencli-rs/main/scripts/install.sh | sh installer (which downloads and executes remote code), both of which are high-risk because they retrieve and run external code that can modify agent tools/prompts or execute arbitrary code.