motion

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 1.00). Yes — these are direct .sh install scripts on an unverified domain (and the prompt recommends piping curl to bash), which is a common and high-risk vector for distributing malware from an untrusted source.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The Quick Install and setup lines instruct running remote installers (curl -sSL https://canifi.com/skills/motion/install.sh | bash and curl -sSL https://canifi.com/install.sh | bash), which fetch and execute remote code at runtime and are required for installing the skill, so they pose a direct code-execution risk.