quip-node-manager

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.90). Although several links point to legitimate vendor sites (rustup.rs, bun.sh, v2.tauri.app) and a GitLab project, the skill explicitly instructs piping raw GitLab-hosted install.sh / install.ps1 into sh/iex — a high-risk pattern because executing remote scripts from a repository (even on GitLab) can directly install malware if the repo or scripts are malicious or compromised.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly fetches/run third‑party artifacts (install scripts from gitlab.com in Installation, docker images via docker pull/run in src-tauri/src/docker.rs, and native binaries via the "Background Update Monitor" that checks for new native binaries/images and can auto-restart the node) and also streams arbitrary node log lines to the frontend (stream_logs → "node-log-line"), so untrusted external content is ingested and can trigger actions like auto-restarts.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The Quick Install commands fetch and execute remote scripts at runtime (curl -fsSL https://gitlab.com/quip.network/quip-node-manager/-/raw/main/scripts/install.sh | sh and irm https://gitlab.com/quip.network/quip-node-manager/-/raw/main/scripts/install.ps1 | iex), meaning external content is executed directly from those URLs.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.80). The skill includes system-level install and runtime actions (curl|sh installer, sudo dpkg, sudo certbot, firewall/port instructions, Docker container management and auto-restarts) that alter system state and require or encourage privilege escalation, so it pushes the agent toward modifying the host.