nodejs-use

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill contains runtime installer commands that fetch-and-execute remote shell scripts (curl https://get.volta.sh | bash and curl -fsSL https://fnm.vercel.app/install | bash), which would download and run remote code required to install Volta/fnm and thus can execute code at skill runtime.