health

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.70). The health scripts call npx (e.g., "npx skills path tw93/Waza" and the suggested installer "npx skills add tw93/Waza -a claude-code -g -y"), which can fetch and run remote package code at runtime and the collector falls back to that package for required helper scripts, so this is a runtime external dependency that can execute remote code.