asana
Warn
Audited by Snyk on Mar 7, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.80). The mcporter setup explicitly runs "npx -y @roychri/mcp-server-asana", which will fetch and execute remote npm package code at runtime (effectively executing remote code the skill depends on), so this is a risky external dependency to flag.
Audit Metadata