kuaipu-skill

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill's runtime installs (kuaipu-skill.sh check_deps) call pip to fetch packages from PyPI (e.g., selenium/webdriver_manager/ddddocr via https://pypi.org) and the Python code uses webdriver_manager.ChromeDriverManager().install() which downloads a ChromeDriver binary (e.g., from https://chromedriver.storage.googleapis.com) — these runtime fetches install and execute remote code and are required for the skill to run.