skills/ethpandaops/panda/install-panda/Snyk

install-panda

Fail

Audited by Snyk on Mar 24, 2026

Risk Level: CRITICAL

Full Analysis

CRITICAL E005: Suspicious download URL detected in skill instructions.

Suspicious download URL detected (high risk: 0.90). Directly piping a raw GitHub shell script to bash is high-risk because it executes code from a repository (raw.githubusercontent.com/ethpandaops/panda/master/install.sh) without review—raw .sh downloads can contain arbitrary/malicious commands, so inspect the script and verify the repo before running.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

Potentially malicious external URL detected (high risk: 1.00). The skill instructs runtime execution of remote code via curl -fsSL https://raw.githubusercontent.com/ethpandaops/panda/master/install.sh | bash, which fetches and immediately runs external code and is required for installation.

Issues (2)

E005

CRITICAL

Suspicious download URL detected in skill instructions.

W012

MEDIUM

Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata

Risk Level

CRITICAL

Analyzed

Mar 24, 2026, 09:56 PM

Issues

2