claude-code-notifications
Warn
Audited by Snyk on Mar 21, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.80). The skill's runtime installation step ("brew tap moltenbits/tap && brew install growlrrr") fetches and installs remote code from the growlrrr repository (https://github.com/moltenbits/growlrrr / moltenbits/tap), which is a required dependency and results in executing externally sourced code.
MEDIUM W013: Attempt to modify system services in skill instructions.
- Attempt to modify system services in skill instructions detected (high risk: 0.80). This skill explicitly instructs removing the macOS quarantine flag (xattr -cr /Applications/growlrrr.app) and installing an unsigned third‑party app from a tap, which amounts to bypassing macOS security protections and thus poses a notable risk to the host state.
Issues (2)
W012
MEDIUM Unverifiable external dependency detected (runtime URL that controls agent).
W013
MEDIUM Attempt to modify system services in skill instructions.
Audit Metadata