alibabacloud-adb-smart-analyst
Fail
Audited by Snyk on May 14, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E005: Suspicious download URL detected in skill instructions.
- Suspicious download URL detected (high risk: 0.85). This URL is a direct link to a shell installer (install.sh) on a third‑party domain (astral.sh), and instructions to curl | sh are inherently risky unless the domain and script are verified—so treat it as suspicious until validated.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.80). The skill documentation instructs installing 'uv' via a shell pipe that fetches and executes remote code ("curl -LsSf https://astral.sh/uv/install.sh | sh"), and the skill's runtime workflow relies on the 'uv' tool (uses "uv run …" to invoke its scripts), so this URL would fetch and execute remote code that the skill depends on.
Issues (2)
E005
CRITICALSuspicious download URL detected in skill instructions.
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata