mcp-openmsx-usage

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.70). Flagged because the installation example uses "npx -y @nataliapc/mcp-openmsx", which fetches and executes a remote npm package at launch (runtime) and the skill relies on that MCP server to operate, meaning remote code is fetched-and-run as a required dependency.