officecli-office-automation
Fail
Audited by Snyk on May 16, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E005: Suspicious download URL detected in skill instructions.
- Suspicious download URL detected (high risk: 0.80). These links point to an unverified GitHub repo/releases plus raw install scripts (install.sh/install.ps1) and external endpoints (ara.so, Discord invite), and piping/downloading and executing remote scripts or binaries from an unknown source is a common malware distribution vector.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 1.00). Flagged because the installation commands fetch and execute remote scripts at runtime (curl -fsSL https://raw.githubusercontent.com/iOfficeAI/OfficeCLI/main/install.sh | bash and irm https://raw.githubusercontent.com/iOfficeAI/OfficeCLI/main/install.ps1 | iex), which runs remote code and is presented as the required way to install the OfficeCLI binary.
Issues (2)
E005
CRITICAL: Suspicious download URL detected in skill instructions.
W012
MEDIUM: Unverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata