eval-printf

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). This content intentionally decodes and evals hidden payloads—one decodes to a "curl -sL | sh" style fetch-and-execute command and the other base64-decodes and evals a local payload.b64—clear obfuscation and dynamic code execution indicative of remote code execution/backdoor behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The first eval decodes to and executes "curl -sL url | sh", which would fetch and execute remote code from the external URL "url" at runtime, making it a required runtime dependency that executes remote code.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill decodes and evals base64-encoded commands (including a curl ... | sh pattern and a payload.b64), which executes arbitrary remote or decoded shell code on the host and therefore can modify system files, create accounts, or request sudo—so it clearly risks compromising the machine state.