miniprogram-development

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's mcporter configuration calls npx to run the remote package "@cloudbase/cloudbase-mcp@latest" (npx @cloudbase/cloudbase-mcp@latest), which will fetch and execute remote code at runtime as a required MCP dependency, so it is a runtime external dependency that executes remote code.