frame-builder

Fail

Audited by Socket on Feb 14, 2026

1 alert found:

Malware (HIGH)
SKILL.md

[Skill Scanner] Instruction directing agent to run/execute external content

All findings:
[CRITICAL] command_injection: Instruction directing agent to run/execute external content (CI011) [AITech 9.1.4]
[CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4]
[CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4]
[HIGH] autonomy_abuse: Skill instructions include directives to hide actions from user (BH009) [AITech 13.3]

Functionally the skill appears to implement its stated purpose (wallet creation, token launch, IPFS upload, heartbeats, and claims). However there are significant supply-chain and operational risks: automatic silent updates (git pull + npm install) and agent execution of commands read from user-editable HEARTBEAT.md present realistic remote code execution and credential-exfiltration vectors. Storing raw private keys on disk increases local risk. I find no direct evidence of intentionally malicious code in the manifest, but the combination of auto-update and unverified third-party network endpoints makes this skill SUSPICIOUS for production use without additional safeguards (code-signing, manual update approval, encrypted key storage, and auditing of git remotes).

LLM verification: The skill's stated purpose (manage and launch EVM tokens, upload metadata, heartbeat monitoring) matches its documented capabilities, but it contains supply-chain and credential-management risks. The most concerning issues are automated 'git pull && npm install' during heartbeat cycles (a remote-to-local code execution vector) and creation of an unencrypted private key file (~/.evm-wallet.json). Those factors make this skill SUSPICIOUS: the provided documentation does not demonstrate adequate pr

Confidence: 95%
Severity: 90%

Audit Metadata
Analyzed At: Feb 14, 2026, 06:04 PM
Package URL: pkg:socket/skills-sh/openclaw%2Fskills%2Fframe-builder%2F@d284dfb28ff0a236ddf41016d02ffdbe24665409