caam
Fail
Audited by Snyk on Feb 15, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E005: Suspicious download URL detected in skill instructions.
- Suspicious download URL detected (high risk: 0.90). Both links point to a personal GitHub repository and a raw shell install script (curl ... | bash) from an unverified user. Although raw.githubusercontent.com is legitimate hosting, piping an unknown .sh script from an obscure account is high-risk when that script manipulates OAuth/auth files and credentials, because it can steal or modify sensitive tokens and run arbitrary commands.
MEDIUM W013: Attempt to modify system services in skill instructions.
- Attempt to modify system services in skill instructions detected (high risk: 0.90). The skill's instructions explicitly modify machine state (installation via curl|bash and a sudo mv to /usr/local/bin) and manipulate local auth files and symlinks (including ~/.ssh). These actions require elevated privileges or can meaningfully compromise the host if misused.
Audit Metadata