query

Fail

Audited by Snyk on Jul 2, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E006: Malicious code pattern detected in skill scripts.

  • Malicious code pattern detected (high risk: 0.90). The wrapper auto-downloads and installs executable archives from a remote CDN and periodically auto-updates/executes them without any cryptographic signature or checksum verification, creating a high-risk supply-chain / remote-code-execution avenue for malicious payloads.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

Issues (2)

E006
CRITICAL

Malicious code pattern detected in skill scripts.

W012
MEDIUM

Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata
Risk Level
CRITICAL
Analyzed
Jul 2, 2026, 02:20 AM
Issues
2
Security Audit — snyk — query