worldbook

Warn

Audited by Socket on Feb 22, 2026

1 alert found:

Security: MEDIUM
SKILL.md

[Skill Scanner] URL with free hosting platform or high-abuse TLD detected

All findings:
[HIGH] supply_chain: URL with free hosting platform or high-abuse TLD detected (SC007) [AITech 9.1.4]
[HIGH] supply_chain: Installation of third-party script detected (SC006) [AITech 9.1.4]
[HIGH] supply_chain: Installation of third-party script detected (SC006) [AITech 9.1.4]

BENIGN: The Worldbook CLI tool appears to provide a coherent, safe workflow for querying and retrieving world knowledge with standard installation and usage patterns. No credential handling or covert data exfiltration is evident in the fragment. To maintain security, ensure source verification, dependency pinning, and explicit user consent for any agent-driven execution of subsequent commands based on retrieved content.

LLM verification: This skill's description and installation instructions are plausible for a 'knowledge base CLI', but they lack essential safeguards for a workflow that grants remote text the ability to drive agent actions. The primary risks are supply-chain and operational: unpinned installs, execution of remote-sourced instructions without integrity checks, and potential credential/command-execution abuse by malicious worldbook entries. I rate this as SUSPICIOUS/vulnerable (not confirmed malware). Recommend: p

Confidence: 80%
Severity: 75%

Audit Metadata
Analyzed At: Feb 22, 2026, 07:30 AM
Package URL: pkg:socket/skills-sh/femto%2Fskills%2Fworldbook%2F@f07720f434092c406b694a3d65a0af56801ebe2a