lightx2v-cli
Fail
Audited by Snyk on Jun 23, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E005: Suspicious download URL detected in skill instructions.
- Suspicious download URL detected (high risk: 0.80). These URLs point to an unknown project on a nonstandard domain plus a raw GitHub install script that the README instructs you to pipe directly into sh (curl ... | sh), which makes them moderately to highly suspicious because running an unaudited installer from an unfamiliar author can install malware or exfiltrate credentials.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 1.00). The Quick Start/install steps run a remote installer via shell execution (curl -fsSL https://raw.githubusercontent.com/ModelTC/lightx2v-studio-cli/main/install.sh | sh), which fetches and executes external code at runtime and is a required dependency for the skill.
Issues (2)
E005
CRITICALSuspicious download URL detected in skill instructions.
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata