running-tend
Warn
Audited by Snyk on Jun 30, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill explicitly instructs downloading and executing a remote installer script from https://install.determinate.systems/nix (curl -fsSL ... -o /tmp/nix-installer.sh; sh /tmp/nix-installer.sh ...), which runs remote code at runtime to install Nix as a required dependency for the toolchain update.
MEDIUM W013: Attempt to modify system services in skill instructions.
- Attempt to modify system services in skill instructions detected (medium risk: 0.40). The skill instructs running a system installer (curl ... sh to install Nix in daemon mode) which modifies the host environment and can require privileged/system-level changes, so it does push the agent to change machine state, though it does not explicitly ask for sudo, create users, or modify system configs like ssh/systemd.
Issues (2)
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
W013
MEDIUMAttempt to modify system services in skill instructions.
Audit Metadata