skills/okx/plugin-store-community/e2e-node-cli/Snyk

e2e-node-cli

Fail

Audited by Snyk on Apr 5, 2026

Risk Level: CRITICAL

Full Analysis

CRITICAL E005: Suspicious download URL detected in skill instructions.

Suspicious download URL detected (high risk: 0.70). This is potentially suspicious: it installs a Node package directly from a small/unknown GitHub repo (user yz06276) via a git URL, which can bundle or run arbitrary code (postinstall scripts/CLI code) and is not a well-known/verified package.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

Potentially malicious external URL detected (high risk: 0.90). The pre-flight step runs "npm install -g git+https://github.com/yz06276/e2e-node-cli#d5d2c600c06d427368c21b9ed36ca2acf2e88793", which fetches and installs a remote npm package at runtime (and may execute install scripts), and the skill depends on that package to run the CLI—thus it executes remote code.

Issues (2)

E005

CRITICAL

Suspicious download URL detected in skill instructions.

W012

MEDIUM

Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata

Risk Level

CRITICAL

Analyzed

Apr 5, 2026, 05:32 AM

Issues

2