docs-seeker

skills-sh:mrgoonie_claudekit-skills__docs-seeker

View source

92/100

First Seen

Feb 18, 2026

Last Scanned

Feb 20, 2026

Findings

Score

92/100

MEDIUM 1

LOW 1

Findings (2)

MEDIUM

Remote SDK or script fetch as agent input EXTDL_002

external-download L76

Detects fetching remote documentation or code to load as agent context

WebFetch to retrieve  + https://context7.com/{org}/{repo}/llms.txt

FIX

Pin the SDK or script to a specific version and verify its checksum after download. Prefer installing SDKs via a package manager instead of fetching remote scripts directly.

FP?

Likely FP if the match is documentation showing how to install an official SDK (e.g., Google Cloud SDK, AWS CLI) from its canonical URL.

LOW

Global package installation EXTDL_004

external-download L100

Detects global installation of packages which affects the host system

npm install -g r

FIX

Replace npm install -g with a local install (npm install --save-dev) or use npx with a pinned version. Global installs modify the system and risk supply chain attacks.

FP?

Likely FP if the global install is for a well-known CLI tool (e.g., typescript, eslint) in setup documentation, though the supply chain risk remains real.