5dive-cli
Warn
Audited by Socket on May 29, 2026
1 alert found:
SecuritySecuritySKILL.md
MEDIUMSecurityMEDIUM
SKILL.md
SUSPICIOUS: the skill’s capabilities mostly match its stated purpose as a local multi-agent orchestration tool, but it is inherently high risk. It relies on a required but not publicly verifiable `5dive` CLI, uses privileged `sudo 5dive` operations, can forward credentials into that CLI, supports transitive child-skill installation, and enables autonomous coordination and chat replies across sibling agents. I do not see clear evidence of credential theft or covert exfiltration, so this is better classified as a high-risk vulnerable/orchestration skill rather than confirmed malware.
Confidence: 84%Severity: 82%
Audit Metadata