oracle

Fail

Audited by Snyk on Jul 4, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E006: Malicious code pattern detected in skill scripts.

  • Malicious code pattern detected (high risk: 0.90). The document describes high-risk capabilities (copying a signed-in Chrome profile with Keychain decryption, uploading/bundling arbitrary files to remote models, and running a remote browser host) that enable credential access and remote data exfiltration/remote-control if abused.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). The skill invokes the CLI via "npx -y @steipete/oracle", which fetches and executes remote npm package code at runtime and is a required/runtime dependency that can execute remote code.

Issues (2)

E006
CRITICAL

Malicious code pattern detected in skill scripts.

W012
MEDIUM

Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata
Risk Level
CRITICAL
Analyzed
Jul 4, 2026, 04:21 PM
Issues
2
Security Audit — snyk — oracle