alibabacloud-adb-openclaw-insight
Fail
Audited by Snyk on May 14, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E005: Suspicious download URL detected in skill instructions.
- Suspicious download URL detected (high risk: 1.00). High risk: this is a direct link to an install.sh shell script on a third‑party domain (astral.sh) intended to be run via curl | sh, which grants arbitrary remote code execution and cannot be trusted without verifying the script's contents and publisher.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 1.00). The README/Quick Start instructs fetching and executing remote code (git clone https://github.com/aliyun/alibabacloud-adb-mysql-mcp-server followed by running the repo's Python modules, and curl -LsSf https://astral.sh/uv/install.sh | sh) which downloads external code that is then executed and is required to run the skill.
Issues (2)
E005
CRITICALSuspicious download URL detected in skill instructions.
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata