windows-use
Warn
Audited by Snyk on May 3, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 1.00). The skill's install-binaries.ps1 fetches required executables at runtime which are then executed (wmctrl.exe and xdotool.exe) from the raw GitHub URLs https://github.com/ebranlard/wmctrl-for-windows/raw/master/_bin/wmctrl.exe and https://github.com/ebranlard/xdotool-for-windows/raw/master/_bin/xdotool.exe, so remote code is downloaded and run as a required dependency.
Issues (1)
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata