agency-stack

Fail

Audited by Snyk on Apr 29, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E005: Suspicious download URL detected in skill instructions.

  • Suspicious download URL detected (high risk: 0.90). These are raw .sh install scripts hosted under a personal/unknown GitHub account (raw.githubusercontent.com links) and are intended to be run (curl | bash), which is high risk because such scripts execute arbitrary commands and may come from low-vetting/typosquat or malicious repositories.

CRITICAL E006: Malicious code pattern detected in skill scripts.

  • Malicious code pattern detected (high risk: 0.90). The skill itself only performs local filesystem checks and reporting, but it embeds explicit curl | bash install commands that fetch and execute remote scripts from unverified GitHub repositories — a high-risk supply‑chain / remote‑code‑execution vector that could enable backdoors or data exfiltration depending on upstream code (the skill text does not itself show direct exfiltration or credential theft).

Audit Metadata

  • Risk Level: CRITICAL
  • Analyzed: Apr 29, 2026, 10:41 PM
  • Issues: 2