skills/solid-company/solid-jobs-skills/jobs-track/Snyk

jobs-track

Fail

Audited by Snyk on Jun 17, 2026

Risk Level: CRITICAL

Full Analysis

CRITICAL E005: Suspicious download URL detected in skill instructions.

Suspicious download URL detected (high risk: 0.90). These URLs point to raw GitHub scripts that the skill instructs users to execute directly via curl|bash and irm|iex (remote install scripts) — a high-risk pattern because running remote .sh/.ps1 from a repository (especially one that may be little-known) can deliver arbitrary code.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

Potentially malicious external URL detected (high risk: 0.90). The skill's fallback installer commands fetch and execute remote scripts at runtime (curl -fsSL https://raw.githubusercontent.com/solid-company/solid-jobs-skills/main/scripts/install-sjctl.sh | bash and irm https://raw.githubusercontent.com/solid-company/solid-jobs-skills/main/scripts/install-sjctl.ps1 | iex), which runs remote code required for the tool to operate.

Issues (2)

E005

CRITICAL

Suspicious download URL detected in skill instructions.

W012

MEDIUM

Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata

Risk Level

CRITICAL

Analyzed

Jun 17, 2026, 02:35 PM

Issues

2

Security Audit — snyk — jobs-track