officecli-pptx
Fail
Audited by Snyk on May 18, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E005: Suspicious download URL detected in skill instructions.
- Suspicious download URL detected (high risk: 0.80). These are direct raw .sh and .ps1 installer scripts hosted on a third‑party GitHub repo—GitHub is legitimate, but piping or running unreviewed install scripts from an unverified repository is a common high‑risk malware vector unless the repo/maintainer and script contents are verified.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill's "If officecli is not installed" setup instructs fetching and executing remote install scripts at runtime via curl https://raw.githubusercontent.com/iOfficeAI/OfficeCLI/main/install.sh | bash and PowerShell irm https://raw.githubusercontent.com/iOfficeAI/OfficeCLI/main/install.ps1 | iex, which directly executes remote code and is presented as a required dependency for the skill.
Issues (2)
E005
CRITICALSuspicious download URL detected in skill instructions.
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata