agent-tools
Fail
Audited by Snyk on Jul 10, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E005: Suspicious download URL detected in skill instructions.
- Suspicious download URL detected (high risk: 0.80). These URLs include a direct installer script (curl | sh) and binary distribution endpoints (dist.inference.sh) — delivery channels for executables that can be abused to distribute malware if the source or served binaries are compromised, so they should be treated as potentially suspicious.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill instructs running curl -fsSL https://cli.inference.sh | sh and fetching https://dist.inference.sh/cli/manifest.json and https://dist.inference.sh/cli/checksums.txt to download and install binaries, which executes remote code as part of setup.
Issues (2)
E005
CRITICALSuspicious download URL detected in skill instructions.
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata