oc
Fail
Audited by Snyk on Jul 6, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E005: Suspicious download URL detected in skill instructions.
- Suspicious download URL detected (high risk: 0.90). This is a direct git/pip install from a GitHub repo owned by an unfamiliar/short username (Q00), which can deliver arbitrary executable Python code during installation and lacks clear trust signals, so it is suspicious.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill's setup explicitly instructs installing and running the required "oc" CLI by fetching remote code from git+https://github.com/Q00/openclip (via pip/git), which downloads and will execute remote code that the skill depends on at runtime.
Issues (2)
E005
CRITICALSuspicious download URL detected in skill instructions.
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata