python-uv-acceleration

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.70). While github.com/astral-sh/uv and the astral.sh domain appear to be the official project sources, the skill instructs executing remote install scripts (install.sh / install.ps1) and using arbitrary package indexes — running unverified remote scripts and using non-official indexes are meaningful supply‑chain risks and could be used to distribute malware if the host or repo were compromised or spoofed.