skills/ruvnet/claude-flow/vector-cluster/Snyk

vector-cluster

Warn

Audited by Snyk on Jun 13, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

Potentially malicious external URL detected (high risk: 0.90). The skill invokes npm/npx to fetch and run ruvector@0.2.25 at runtime (e.g., "npm install ruvector@0.2.25" and "npx -y ruvector@0.2.25 ..."), which downloads and executes remote package code from the npm registry (ruvector@0.2.25), so it is a required external code-execution dependency.

Issues (1)

W012

MEDIUM

Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata

Risk Level

MEDIUM

Analyzed

Jun 13, 2026, 01:23 PM

Issues

1

Security Audit — snyk — vector-cluster