frontend-design-ultimate
Warn
Audited by Snyk on Mar 10, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.80). The README includes an explicit install step that clones remote code (git clone https://github.com/kesslerio/frontend-design-ultimate-clawhub-skill.git) and the provided init scripts invoke npx/npm to fetch and run remote packages (e.g., npx shadcn@latest, npx create-vite@latest), which will download and execute external code during setup/runtime — this meets the criteria for a runtime external dependency that executes remote code.
Audit Metadata