paperclip-dev
Warn
Audited by Snyk on Apr 29, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.80). The skill explicitly runs runtime git operations (e.g., "git fetch origin && git pull origin master") against the repo git@github.com:paperclipai/paperclip.git and then invokes build/install commands (pnpm install && pnpm build), so remote repository content fetched at runtime can be executed on the host.
Issues (1)
W012
MEDIUM: Unverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata