omega-claude-cli

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill may spawn "npx -y @anthropic-ai/claude-code" at runtime (which fetches and executes the @anthropic-ai/claude-code package from the npm registry — e.g. https://registry.npmjs.org/@anthropic-ai/claude-code or https://www.npmjs.com/package/@anthropic-ai/claude-code), so remote code fetched at runtime can execute and directly control the prompts sent to Claude CLI and is relied on as a fallback dependency.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill explicitly instructs using --dangerously-skip-permissions and states it "allows all tool execution," which directs the agent to bypass permission checks and thus enables potentially state-changing, privileged actions on the machine.