asset-harvester
Warn
Audited by Snyk on Jun 21, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.80). The skill's recommended one-shot install and manual install fetch and execute remote code during setup (e.g., git clone https://github.com/NVIDIA/asset-harvester.git followed by bash setup.sh, and the pip/git install git+https://github.com/nerfstudio-project/gsplat.git@b60e917c95afc449c5be33a634f1f457e116ff5e), so these URLs are runtime external dependencies that download and run remote code.
Issues (1)
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata