pipes-orchestrator
Audited by Socket on Feb 23, 2026
1 alert found:
Malware [Skill Scanner]: Natural language instruction to download and install from URL detected

The skill is a legitimate orchestrator for indexer workflows and its capabilities align with its stated purpose. However, it prescribes multiple download-and-execute supply-chain patterns (unlocked `npx @iankressin/pipes-cli@latest` usage, reliance on a single raw GitHub JSON registry URL) and enforces automated execution ("NEVER manual", always use the CLI). These patterns create a meaningful supply-chain risk: if the CLI or registry is compromised, attackers could execute arbitrary code, alter generated projects, or harvest credentials supplied to downstream tools. I assess this as suspicious/vulnerable (not proven malware).

Recommendations: require pinned versions, audit downloaded CLI code, allow manual review of generated files, avoid mandating a single external raw URL as authoritative, and avoid examples that use default passwords.

LLM verification: This skill is functionally coherent with its stated purpose (orchestration of indexer-related tasks) but contains multiple supply-chain and execution risks. Key concerns: mandatory unpinned npx usage (@latest), enforced download-and-execute workflow, mandatory spawning of Task subagents (which may perform privileged network/system actions), and reliance on external raw GitHub and explorer endpoints without integrity checks. I assess this as SUSPICIOUS / VULNERABLE rather than overtly malicious.