competitor-teardown
Warn
Audited by Socket on Jul 7, 2026
1 alert found:
SecuritySecuritySKILL.md
MEDIUMSecurityMEDIUM
SKILL.md
SUSPICIOUS. The stated purpose is plausible, but the skill's footprint depends on an unverified transitive installer (`npx skills add belt-sh/cli`) and routes core research through third-party Belt/inference-managed apps. The capabilities broadly fit competitor research, yet install trust and expanded data flow to intermediary services are not proportionate enough to treat as benign.
Confidence: 84%Severity: 82%
Audit Metadata