byted-bytehouse-slow-query

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill's runtime launches uvx with a --from pointing to git+https://github.com/volcengine/mcp-server@main#subdirectory=server/mcp_server_bytehouse, which will fetch and run remote repository code at runtime to provide the mcp_bytehouse tool that the skill depends on—i.e., it executes remote code and directly controls the agent's tool behavior.