funsloth-local

[Skill Scanner] Installation of third-party script detected All findings: [CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4] [CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4] [CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4] BENIGN: The material functions as a local GPU training manager/documentation. No malicious data flows or covert exfiltration detected within the provided material. The main risk arises from credential exposure in documentation if users copy-paste examples directly. Recommend improving secret-management guidance and Docker security posture to reduce exposure risk. LLM verification: This SKILL.md is primarily documentation for local GPU training and does not itself contain executable code that is obviously malicious. However, it instructs users to install multiple unpinned third-party packages, pull a Docker image, and use default weak passwords and unspecified upload tooling. Those practices increase supply-chain and credential exposure risk. There is no clear evidence of intentionally malicious code in the provided file, but the guidance and unspecified tools (unsloth pac