dotnet-install
Warn
Audited by Snyk on Feb 26, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill contains explicit runtime commands that download and execute remote installer scripts—e.g., Invoke-WebRequest https://dot.net/v1/dotnet-install.ps1 then .\dotnet-install.ps1, curl/wget https://dot.net/v1/dotnet-install.sh, and the Homebrew installer https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh—which execute remote code when run.
MEDIUM W013: Attempt to modify system services in skill instructions.
- Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill contains explicit privileged operations (sudo dpkg/apt/dnf installs, extracting to /usr/local/share/dotnet, creating symlinks in /usr/bin, and modifying machine PATH/Environment) that instruct the agent to change system files and system state.
Audit Metadata