solana
Warn
Audited by Snyk on Jul 1, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). Yes — ENVIRONMENT.md instructs runtime download-and-execute of remote code (e.g., curl https://release.anza.xyz/stable/install -o /tmp/solana-install.sh followed by sh /tmp/solana-install.sh) and also pulls platform-tools from https://github.com/anza-xyz/platform-tools/releases/... and clones https://github.com/blueshift-gg/quasar which are fetched and executed at runtime as required toolchain dependencies.
Issues (1)
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata