skills/ruvnet/ruflo/vector-cluster/Snyk

vector-cluster

Warn

Audited by Snyk on May 7, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

Potentially malicious external URL detected (high risk: 0.80). The skill explicitly runs "npx ruvector@0.2.25" at runtime (which fetches and executes remote npm package code), so the external dependency ruvector@0.2.25 is executed and required by the skill.

Issues (1)

W012

MEDIUM

Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata

Risk Level

MEDIUM

Analyzed

May 7, 2026, 03:18 PM

Issues

1