novu-connect-agent
Fail
Audited by Snyk on Jun 16, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The prompt explicitly instructs the agent to ask users to paste Slack App / Telegram bot tokens into chat (the "in_chat" fallback) and then include those secrets verbatim as environment variables and CLI flags (--slack-config-token / --telegram-bot-token), which requires the LLM to handle and output secret values directly.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill runs "npx novu@latest connect …" at runtime, which fetches and executes remote code from the npm registry (e.g. https://registry.npmjs.org/novu), and that remote CLI controls the Connect flow and outputs the handoff URLs the agent relies on, so this is a required runtime-executed external dependency.
Issues (2)
W007
HIGHInsecure credential handling detected in skill instructions.
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata