cloudbase

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill requires configuring/using MCP which runs remote packages (e.g., via npx @cloudbase/cloudbase-mcp@latest) and explicitly directs the agent to fetch the standalone skill source at runtime from the raw URL https://cnb.cool/tencent/cloud/cloudbase/cloudbase-skills/-/git/raw/main/skills/cloudbase/SKILL.md, meaning external content would be fetched and can directly control prompts or execute code.