skills/wshobson/agents/uv-package-manager/Snyk

uv-package-manager

Warn

Audited by Snyk on Apr 28, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

Potentially malicious external URL detected (high risk: 0.90). The skill contains install-time commands that fetch and execute remote scripts (e.g., curl -LsSf https://astral.sh/uv/install.sh | sh and PowerShell "irm https://astral.sh/uv/install.ps1 | iex"), which clearly execute remote code at runtime.

Issues (1)

W012

MEDIUM

Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata

Risk Level

MEDIUM

Analyzed

Apr 28, 2026, 10:10 AM

Issues

1