portless-ops
Warn
Audited by Snyk on Jun 16, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The included install script (scripts/install-portless.ps1) downloads and installs a remote npm tarball at runtime from "https://registry.npmjs.org/portless/-/portless-$Version.tgz" (and runs
npm install -g portless@$Version), which fetches and executes remote code as a required dependency for the skill.
MEDIUM W013: Attempt to modify system services in skill instructions.
- Attempt to modify system services in skill instructions detected (high risk: 0.90). The skill instructs running actions that modify system state and require elevated rights — e.g., adding a CA to the system trust store (portless trust), starting a proxy on port 443, syncing /etc/hosts, and installing a boot service — which entail admin/sudo privileges and can change OS trust/host configuration.
Issues (2)
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
W013
MEDIUMAttempt to modify system services in skill instructions.
Audit Metadata