skills/mizchi/skills/dotenvx/Snyk

dotenvx

Warn

Audited by Snyk on May 15, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

Potentially malicious external URL detected (high risk: 0.90). The skill uses "curl -sfS https://dotenvx.sh | sh" in both installation and CI steps, which fetches and executes a remote shell script at runtime (https://dotenvx.sh), so this is a high-risk runtime external dependency.

Issues (1)

W012

MEDIUM

Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata

Risk Level

MEDIUM

Analyzed

May 15, 2026, 04:41 PM

Issues

1

Security Audit — snyk — dotenvx