dexter

Fail

Audited by Socket on Feb 24, 2026

1 alert found:

Malware: HIGH
SKILL.md

[Skill Scanner] Natural language instruction to download and install from URL detected

All findings:
[CRITICAL] command_injection: Natural language instruction to download and install from URL detected (CI009) [AITech 9.1.4]
[CRITICAL] command_injection: Natural language instruction to download and install from URL detected (CI009) [AITech 9.1.4]

Overall, the fragment is largely coherent with the stated purpose of an autonomous financial research agent, providing installation, configuration, and usage guidance that enables real behavior (API calls to financial data services, LLM-based planning/execution). However, several signals raise suspicion from a supply-chain security perspective: (a) explicit model patching to a non-default, possibly vendor-provided Claude model, (b) heavy reliance on multiple external API keys and services with no in-repo secret management, (c) patching of internal scripts that could diverge from documented behavior, and (d) potential exposure risk if credentials are leaked via logs or version control. While not proving malicious intent, the footprint is above a minimal, tightly-scoped skill and warrants careful review of trust boundaries, secret management, and dependency provenance. Suspicious rather than clearly benign due to credential handling and runtime model manipulation patterns.

LLM verification: The Dexter skill matches its stated purpose and interfaces with expected external services (LLM and market-data providers). There is no direct evidence of malicious code in the supplied documentation, but multiple supply-chain and operational risks exist: cloning an individual GitHub repo, unpinned dependencies with bun install, plaintext credential storage under a root path, and an instruction to patch source code. Treat the package as untrusted until an audit is performed: inspect package scri

Confidence: 95%
Severity: 90%
Audit Metadata
Analyzed At: Feb 24, 2026, 07:57 AM
Package URL: pkg:socket/skills-sh/openclaw%2Fskills%2Fdexter%2F@fb231e9f9e6de0dc7e7abd2aa0d688654317ad82