5dive-cli
Warn
Audited by Socket on Jun 25, 2026
1 alert found:
AnomalyAnomalySKILL.md
LOWAnomalyLOW
SKILL.md
SUSPICIOUS: the skill is coherent with its stated purpose as a first-party multi-agent orchestration guide for a 5dive VM, and the known upstream project appears same-org and open source. However, it gives broad host-level control via `sudo`, can autonomously spawn and coordinate agents, forwards credentials into the CLI, and supports transitive skill installation, so overall security risk is medium-high even without clear malicious intent.
Confidence: 85%Severity: 66%
Audit Metadata