open-design
Warn
Audited by Snyk on Jun 17, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill's install steps explicitly run git clone https://github.com/nexu-io/open-design.git (and an npx install from https://github.com/akillness/jeo-skills), which fetch remote code that is then installed/executed locally (pnpm install / pnpm tools-dev run), so these URLs are runtime dependencies that execute remote code.
Issues (1)
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata