pp-etherpad
Fail
Audited by Snyk on May 18, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The skill explicitly shows and instructs using a command that takes the access token as a direct CLI argument (etherpad-pp-cli auth set-token YOUR_TOKEN_HERE), which encourages embedding secret values verbatim in agent-generated commands/outputs.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.80). The skill directs installation of a required CLI by fetching and installing remote code (e.g., go install github.com/mvanhorn/printing-press-library/library/productivity/etherpad/cmd/etherpad-pp-cli@latest and via npx @mvanhorn/printing-press), which, if run by an agent at runtime, would download and build/execute third-party code that the skill depends on.
Issues (2)
W007
HIGH: Insecure credential handling detected in skill instructions.
W012
MEDIUM: Unverifiable external dependency detected (runtime URL that controls agent).