5dive-cli

Warn

Audited by Socket on May 29, 2026

1 alert found:

Security
SecurityMEDIUM
SKILL.md

SUSPICIOUS: the skill’s capabilities mostly match its stated purpose as a local multi-agent orchestration tool, but it is inherently high risk. It relies on a required but not publicly verifiable `5dive` CLI, uses privileged `sudo 5dive` operations, can forward credentials into that CLI, supports transitive child-skill installation, and enables autonomous coordination and chat replies across sibling agents. I do not see clear evidence of credential theft or covert exfiltration, so this is better classified as a high-risk vulnerable/orchestration skill rather than confirmed malware.

Confidence: 84%Severity: 82%
Audit Metadata
Analyzed At
May 29, 2026, 04:17 PM
Package URL
pkg:socket/skills-sh/5dive-com%2Fskills%2F5dive-cli%2F@05c1e746db0b787d4959bba445104037b62f8194
Security Audit — socket — 5dive-cli