looper-looper

Fail

Audited by Snyk on Jul 3, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E005: Suspicious download URL detected in skill instructions.

  • Suspicious download URL detected (high risk: 0.70). The raw.githubusercontent.com links host install/uninstall shell scripts (direct runnable code) which are high-risk to execute without review, while the rest are a GitHub repo, a documentation/placeholder domain (code.example.com), and a webhook endpoint referenced in the docs — none are obfuscated redirects or obvious typosquats, but the presence of direct .sh installers means this set should be treated as potentially risky until the repo and scripts are verified.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

Issues (2)

E005
CRITICAL

Suspicious download URL detected in skill instructions.

W012
MEDIUM

Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata
Risk Level
CRITICAL
Analyzed
Jul 3, 2026, 06:26 PM
Issues
2
Security Audit — snyk — looper-looper