Skills
skills/algiras/rusty-pageindex/rusty-page-indexer/Snyk

rusty-page-indexer

Fail

Audited by Snyk on Feb 15, 2026

Risk Level: CRITICAL
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The prompt instructs using API keys directly on the command line (e.g., rusty-page-indexer auth --api-key "sk-..." and "your-key"), which requires the agent to accept and embed secret values verbatim in generated commands/outputs, creating an exfiltration risk.

CRITICAL E005: Suspicious download URL detected in skill instructions.

  • Suspicious download URL detected (high risk: 0.70). Most URLs are legitimate API endpoints, but the instructive curl | bash that downloads a raw GitHub install.sh from an unknown/low‑profile repo is a high‑risk pattern (remote shell executed as root/interactive), so the overall package represents a moderate–high risk.
Audit Metadata
Risk Level
CRITICAL
Analyzed
Feb 15, 2026, 09:53 PM