skill-finder

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 0.90). This content poses high risk: it instructs automatic discovery, fetching, local installation, and immediate execution of arbitrary third‑party skills (via npx and raw file fetches) without explicit user consent, creating strong supply‑chain, remote code execution, and post‑install malware vectors even though no explicit exfiltration code is present.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill actively queries the public registry at https://claude-plugins.dev/api/skills, uses WebFetch to retrieve registry results and raw skill files (e.g., raw.githubusercontent.com), and performs WebSearch/WebFetch on public documentation—so it ingests and interprets untrusted, user-generated third‑party web content.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly uses WebFetch at runtime to query https://claude-plugins.dev/api/skills?q= and then fetches skill content via the returned rawFileUrl (e.g., https://raw.githubusercontent.com/...), which injects remote SKILL.md/scripts that directly control agent instructions or can be installed/executed—hence a runtime external dependency controlling prompts/code.