skills/bcastelino/agent-skills-kit/uv-package-manager/Snyk

uv-package-manager

Warn

Audited by Snyk on Apr 1, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

Potentially malicious external URL detected (high risk: 0.90). The skill's installation instructions include runtime commands that fetch and execute remote scripts (e.g., curl -LsSf https://astral.sh/uv/install.sh | sh and powershell -c "irm https://astral.sh/uv/install.ps1 | iex"), which would run remote code and are presented as ways to provision the required uv tool.

Issues (1)

W012

MEDIUM

Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata

Risk Level

MEDIUM

Analyzed

Apr 1, 2026, 03:42 AM

Issues

1

Security Audit — snyk — uv-package-manager