AICash Miner

The skill bundle is classified as suspicious due to critical shell injection and arbitrary file write vulnerabilities in `scripts/setup.sh`. User-provided arguments such as `--api-key`, `--wallet`, `--endpoint`, and especially `--name` are used directly in `sed` commands and systemd service file creation without proper sanitization. This allows for remote code execution or arbitrary file writes (e.g., to `/etc/systemd/system/`) if crafted inputs containing shell metacharacters or path traversal sequences are provided. The `scripts/start.sh`, `scripts/status.sh`, and `scripts/stop.sh` scripts are also vulnerable to command injection if a maliciously named service was previously created via `setup.sh`.