amq-cli

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.80). Suspicious: it is a direct raw GitHub URL to a shell install script in a personal repo (curl | bash style install), which is a common vector for malware and should be reviewed before executing rather than run blindly.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill's prerequisite installs the required amq binary at runtime with a remote shell execution command (curl -fsSL https://raw.githubusercontent.com/avivsinai/agent-message-queue/main/scripts/install.sh | bash), which fetches and executes remote code and is a required dependency.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.70). The prompt recommends running a remote install script (curl | bash) and includes example flags that explicitly bypass permissions and sandboxing, which encourages modifying the local environment and circumventing security controls even though it doesn't request sudo or create users.