pp-splitwise

Warn

Audited by Snyk on Jun 21, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.80). The skill includes explicit install commands that fetch and build remote code at runtime (go install github.com/mvanhorn/printing-press-library/library/payments/splitwise/cmd/splitwise-pp-cli@latest and go install github.com/mvanhorn/printing-press-library/library/payments/splitwise/cmd/splitwise-pp-mcp@latest), which would execute remote code as a required fallback dependency if the CLI/MCP is installed during agent runtime.

Issues (1)

W012
MEDIUM

Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 21, 2026, 07:23 PM
Issues
1
Security Audit — snyk — pp-splitwise