rlm
Warn
Audited by Snyk on Feb 27, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 1.00). The README instructs running curl -fsSL https://raw.githubusercontent.com/BowTiedSwan/rlm-skill/main/install.sh | bash which fetches and executes a remote install.sh that in turn downloads rlm.py (https://raw.githubusercontent.com/BowTiedSwan/rlm-skill/main/rlm.py) — remote code is fetched and executed and rlm.py is a required runtime dependency for the skill.
Audit Metadata