download-anything
Fail
Audited by Snyk on Jul 2, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E005: Suspicious download URL detected in skill instructions.
- Suspicious download URL detected (high risk: 0.90). Yes — the list mixes legitimate, low‑risk sites (Spotify, YouTube, Homebrew/Chocolatey install pages, known APIs) with multiple high‑risk patterns commonly used to deliver malware: direct .iso/executable links on unknown mirrors, Google Drive/OneDrive direct-download URLs, GitHub releases/raw URLs that can host binaries or install scripts from unvetted accounts, URL shorteners (bit.ly) that hide destinations, and generic/self‑hosted endpoints (YOUR-INSTANCE, localhost RPC) which could be abused — so the overall set should be treated as suspicious unless each source and publisher is verified.
Issues (1)
E005
CRITICALSuspicious download URL detected in skill instructions.
Audit Metadata