skills/pendig/rutebayar-agent-contributor/rutebayar-agent-contributor/Snyk

rutebayar-agent-contributor

Fail

Audited by Snyk on Jun 4, 2026

Risk Level: CRITICAL

Full Analysis

CRITICAL E005: Suspicious download URL detected in skill instructions.

Suspicious download URL detected (high risk: 0.70). Most URLs point to a consistent open-source project (GitHub, project site, skills.sh, badges) and non-executable docs, but there is a direct raw GitHub shell script (install.sh) and README guidance to curl|bash that create a runnable download/execute vector — a moderate-to-high risk unless you verify the repo and inspect the script first.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

Potentially malicious external URL detected (high risk: 0.90). The skill's install instructions include a curl -fsSL https://raw.githubusercontent.com/pendig/rute-bayar/main/scripts/install.sh | bash command which fetches and executes remote code at runtime (install script) as an installation option for the required rutebayar CLI.

Issues (2)

E005

CRITICAL

Suspicious download URL detected in skill instructions.

W012

MEDIUM

Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata

Risk Level

CRITICAL

Analyzed

Jun 4, 2026, 07:49 PM

Issues

2

Security Audit — snyk — rutebayar-agent-contributor