mthds-run

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 1.00). This is a direct link to an installer shell script on a single third‑party domain (pipelex.com) — piping/downloading and executing a remote .sh from an untrusted or unknown site is a high‑risk pattern commonly used to deliver malware.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill explicitly instructs at runtime to install the Pipelex runtime by fetching and piping an install script to a shell (curl -fsSL https://pipelex.com/install.sh | sh), which downloads and executes remote code and is required for the skill to run.