catime

Replace conditional download-and-install logic with explicit dependency declarations in a manifest file (package.json, requirements.txt). Verify checksums for any runtime downloads.

Likely FP if the conditional install is documentation showing standard prerequisite checks (e.g., checking if a tool is installed before installing it).

Pin all pip packages to exact versions (e.g., pip install package==1.2.3). Use a requirements.txt or pyproject.toml with pinned versions and hash verification.

Likely FP if the match is in documentation showing how to install the skill's own PyPI package.

Pin all pip packages to exact versions (e.g., pip install package==1.2.3). Use a requirements.txt or pyproject.toml with pinned versions and hash verification.

Likely FP if the match is in documentation showing how to install the skill's own PyPI package.

Change the MCP server URL to localhost or a trusted internal endpoint. If a remote server is required, verify the domain ownership and use HTTPS with certificate validation.

Likely FP if the URL points to example.com, a documentation domain, or a well-known SaaS API endpoint (e.g., api.openai.com).

Pin all pip packages to exact versions (e.g., pip install package==1.2.3). Use a requirements.txt or pyproject.toml with pinned versions and hash verification.

Likely FP if the match is in documentation showing how to install the skill's own PyPI package.

Pin all pip packages to exact versions (e.g., pip install package==1.2.3). Use a requirements.txt or pyproject.toml with pinned versions and hash verification.

Likely FP if the match is in documentation showing how to install the skill's own PyPI package.