download-anything

Fail

Audited by Snyk on Jul 2, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E005: Suspicious download URL detected in skill instructions.

  • Suspicious download URL detected (high risk: 0.90). Yes — the list mixes legitimate, low‑risk sites (Spotify, YouTube, Homebrew/Chocolatey install pages, known APIs) with multiple high‑risk patterns commonly used to deliver malware: direct .iso/executable links on unknown mirrors, Google Drive/OneDrive direct-download URLs, GitHub releases/raw URLs that can host binaries or install scripts from unvetted accounts, URL shorteners (bit.ly) that hide destinations, and generic/self‑hosted endpoints (YOUR-INSTANCE, localhost RPC) which could be abused — so the overall set should be treated as suspicious unless each source and publisher is verified.

Issues (1)

E005
CRITICAL

Suspicious download URL detected in skill instructions.

Audit Metadata
Risk Level
CRITICAL
Analyzed
Jul 2, 2026, 09:24 AM
Issues
1
Security Audit — snyk — download-anything