vercel-xhttp-relay

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The guide instructs running remote install scripts at runtime—e.g. bash -c "$(curl -L https://github.com/XTLS/Xray-install/raw/main/install-release.sh)" and curl https://get.acme.sh | sh—which directly execute fetched code and are required for setup, so they present a high-risk external dependency.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill instructs the user/agent to install system packages, run an external install script, modify files under /etc (xray config and certs), restart/enable systemd services, and change firewall rules — all actions that require sudo and alter the machine state.