touchdesigner-mcp

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's setup script explicitly downloads the twozero.tox plugin from 404zero.com (e.g. https://404zero.com), which is a required runtime dependency that enables the MCP/td_execute_python interface and therefore allows execution of arbitrary Python inside TouchDesigner—constituting a high-confidence remote-code execution dependency.