base44-remote-dev

Warn

Audited by Snyk on Jun 30, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.80). The skill explicitly uses the runtime MCP API endpoint https://app.base44.com/mcp (registered with "claude mcp add" and used for tool calls) which exposes run_command to execute arbitrary shell commands in the sandbox, and also references a public readme URL (https://app.base44.com/api/sandbox/<APP_ID>/local-agent/readme.md) that an agent can fetch at runtime to drive its behavior, so external content is used at runtime to execute code and to control prompts.

Issues (1)

W012
MEDIUM

Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 30, 2026, 01:18 PM
Issues
1
Security Audit — snyk — base44-remote-dev