skills/justintravala/travel-skills/search-hotel/Snyk

search-hotel

Warn

Audited by Snyk on Apr 29, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

Potentially malicious external URL detected (high risk: 0.90). The skill requires executing remote code at runtime via the npx invocation "npx @tvl-justin/travel-cli@latest" (it fetches and runs the @tvl-justin/travel-cli package from npm), which is a required external dependency that executes remote code.

Issues (1)

W012

MEDIUM

Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata

Risk Level

MEDIUM

Analyzed

Apr 29, 2026, 02:42 AM

Issues

1