skills/okx/plugin-store-community/e2e-ts-cli/Snyk

e2e-ts-cli

Fail

Audited by Snyk on Apr 5, 2026

Risk Level: CRITICAL

Full Analysis

CRITICAL E005: Suspicious download URL detected in skill instructions.

Suspicious download URL detected (high risk: 0.80). Installing directly from git+https://github.com/yz06276/e2e-ts-cli# pulls code from an unknown GitHub user/repo (bypassing npm registry vetting) and npm global installs can run arbitrary install scripts, so it is suspicious unless you trust or audit the repository.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

Potentially malicious external URL detected (high risk: 0.90). The skill's pre-flight step runs "npm install -g git+https://github.com/yz06276/e2e-ts-cli#37403981deeeb6e836191daaecf38606ff9e430b", which fetches and installs remote code at runtime (executing external code) and is listed as a required dependency.

Issues (2)

E005

CRITICAL

Suspicious download URL detected in skill instructions.

W012

MEDIUM

Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata

Risk Level

CRITICAL

Analyzed

Apr 5, 2026, 05:29 AM

Issues

2