klipper-manager

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill uses the Moonraker API at http://:7125 (notably endpoints like /printer/gcode/script, /server/files/config/printer.cfg and /server/files/upload) at runtime to fetch configs, upload files, and send G-Code / firmware-restart commands—actions that execute remote code on the printer and are required for the skill to function.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.70). The skill explicitly instructs the agent to fetch, edit, upload/overwrite printer config files and to trigger firmware restarts and host-level reboot/shutdown via Moonraker (and offers to apply fixes automatically), which modifies the state of the host the agent runs on even though it does not request sudo or create users.