upload-and-share

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.85). These endpoints are for a third‑party public file‑hosting service (stableupload.dev/f.stableupload.dev) that accepts arbitrary uploads and the skill also instructs running an npm package via npx (remote code execution), so while not provably malicious they are suitable for distributing malware or malicious installers and should be treated as high risk.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill mandates running "npx agentcash@latest fetch https://stableupload.dev/api/upload" at runtime, which causes npx to download and execute the external agentcash npm package (i.e., remote code execution via the npx-installed package), so this is a runtime dependency that executes remote code.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly designed to perform paid operations: it requires checking an on-chain/crypto wallet balance (USDC), provides deposit links and wallet addresses, and instructs the agent to execute purchases via the agentcash CLI (e.g., "npx agentcash@latest fetch https://stableupload.dev/api/upload -m POST ..." to buy upload/site slots and "npx agentcash@latest balance/accounts" for funding). These steps perform micropayments and renewals (tier-based buys), i.e., sending transactions to pay for upload/site slots. This is not a generic HTTP or browser tool — it explicitly directs and automates financial transactions. Therefore it grants Direct Financial Execution Authority.