alchemy-ci-integration
Warn
Audited by Snyk on Apr 13, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.70). The workflow invokes external GitHub Actions (e.g., actions/checkout at https://github.com/actions/checkout and actions/setup-node at https://github.com/actions/setup-node) and runs npm commands that fetch packages from the npm registry (e.g., https://registry.npmjs.org) during CI runtime. Both cause remote code to be fetched and executed as required dependencies.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill is explicitly for Alchemy-powered Web3 CI/CD and includes concrete blockchain tools and secrets: an ALCHEMY_API_KEY, a DEPLOYER_PRIVATE_KEY, and a Hardhat deploy step (npx hardhat run ... --network sepolia). Those elements enable signing and sending on-chain transactions (contract deployment) via a specific crypto/web3 integration rather than a generic tool, so it provides direct crypto transaction execution capability.
Issues (2)
- W012 (MEDIUM): Unverifiable external dependency detected (runtime URL that controls agent).
- W009 (MEDIUM): Direct money access capability detected (payment gateways, crypto, banking).