install-isaacsim
Warn
Audited by Snyk on Jun 17, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.80). The install instructions explicitly run remote-fetching commands (e.g., "git clone https://github.com/isaac-sim/IsaacSim.git" followed by executing ./build.sh, and pip installs that use https://download.pytorch.org/whl/cu128 and https://pypi.nvidia.com), which will download and execute or install remote code at runtime, so these URLs are runtime external dependencies that can execute code.
MEDIUM W013: Attempt to modify system services in skill instructions.
- Attempt to modify system services in skill instructions detected (high risk: 1.00). Flagged because the skill instructs running multiple privileged system operations (e.g., sudo apt-get install, sudo usermod -aG docker, sudo systemctl enable, installing packages and services, and using sudo for build dependencies) that modify system files, services, and user/group memberships and therefore require elevated privileges.
Issues (2)
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
W013
MEDIUMAttempt to modify system services in skill instructions.
Audit Metadata