tg-ws-proxy-telegram-socks5

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.80). Although the list includes legitimate services (Telegram API, GitHub, AUR, VirusTotal), the skill directs users to download and run prebuilt binaries from third‑party GitHub/AUR releases and explicitly suggests avoiding Defender/using alternate builds to reduce detections — a strong red flag for potential malware distribution.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.80). The skill includes explicit commands that require sudo (systemctl, dpkg, apt installs) and advises bypassing security protections (temporarily disabling Defender, using "Open Anyway" on macOS), which encourage modifying the host system state and circumventing safeguards.