5dive-cli

Warn

Audited by Socket on Jun 25, 2026

1 alert found:

Anomaly
AnomalyLOW
SKILL.md

SUSPICIOUS: the skill is coherent with its stated purpose as a first-party multi-agent orchestration guide for a 5dive VM, and the known upstream project appears same-org and open source. However, it gives broad host-level control via `sudo`, can autonomously spawn and coordinate agents, forwards credentials into the CLI, and supports transitive skill installation, so overall security risk is medium-high even without clear malicious intent.

Confidence: 85%Severity: 66%
Audit Metadata
Analyzed At
Jun 25, 2026, 07:53 AM
Package URL
pkg:socket/skills-sh/5dive-ai%2Fskills%2F5dive-cli%2F@77ed0d65e8a06b4b0021e32b50c077030128d3889a652cf89b9cab4e37ebee6b
Security Audit — socket — 5dive-cli