kairos-install

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's "no-clone" flow explicitly instructs downloading compose.yaml from https://raw.githubusercontent.com/debian777/kairos-mcp/main/compose.yaml at runtime (and also directs installing the npm package @debian777/kairos-mcp via npm/npx), which are remote fetches that the agent would use to start containers or install/run code — satisfying runtime fetch, execution impact, and required-dependency criteria.